Srđan Prodanović – September Ruby Meetup – livestream – v živo

okay so thanks everyone for coming first of all I’d like to ask how many of you are familiar with docker in general okay how many you are using docker in production okay very well thanks so if you have some zero-day information or if I’m not saying anything correctly you know just shout out or if you have any questions talk about it like people that talk can get free darker t-shirts at the end so that’s it so first for for the photo for the rest of you that haven’t heard about docker haven’t tried doctor yet here’s a little bit about why dr exists so today in this day and age the applications that developers are making ircon contain lots of little components and they exist in multiple different environments while they’re being made so what happens is that you may have a piece of code that is running on a developer laptop and then it’s running on an integration testing environment and in the end it might be running in production and it may need different services depending on whether it’s in development or whether it’s in production and all those things need little bits of configuration and what that used to mean by back in the day was all doing everything manually or writing really complex scripts to handle everything so darker kind of takes a hint from the shipping industry which had a similar problem where things used to you know be it was hard to pick how to put together pianos and barrels of wine and in which transport to put it like the same type of issue that occurs when you have a component of an application in the diff in development or production environment so what the industry came up with was a standard shipping container which was compatible with all the shipping options and all the people had to make sure was that their stuff would somehow fit within those containers and that’s precisely what dr. does it makes a industry standard shipping container for us to package our applications so they can be slotted together in different environments depending on on on youth so a little bit about how dr. works compared to other solutions of course the primary solution would be to have a physical server configured and like like your own developer machine for instance but the the industry norm before darker came along was hypervisor based virtualization so that was usually a host OS would have a hypervisor here and this thing would launch virtual machines depending on how much resources somebody would need to provision like an ec2 virtual machine would be something like this and the thing is that when you run these virtual machines there has to be an entire guest operating system in the mean in between the hypervisor and your and your the service inside there and that was quite wasteful right so the docker runs alongside containers and it doesn’t require an entire entire guest operating system between the server and the application at least not one more operating system so here we have a little bit shown shown a bit better so here is a container that has an app and it’s dependencies in there so what would happen is that when you make a copy of an application and you you install some new code into the container or a requirement it would copy-on-write so called it would just write the differences in to the new image so you can use diff based updates so this is a standard workflow for docker containers it’s a you have a docker file either on your machine or in some other machine and with that you can build a container and push it to the image registry from where it can be pulled down to other places in your infrastructure or to two other developers and stuff like that and

what would happen when you make updates to those container images is that only the the diffs are shipped down to the clients who are updating their they’re updating to the latest docker image so let’s see let’s reiterate once again the benefits of docker that of course the portability in the sense that it runs on any Linux kernel I think there’s some version requirement but it runs on most Linux kernels it’s lightweight compared to physical allocation or virtual machines and it separates the concerns so it lets developers focus on the internals of the container like make sure the application is configured and running in the container and the administration administrators the developer the development operations are just taking care of provisioning new instances to run those containers they don’t necessarily need to dig inside your application to deploy your app right so all the dependencies you need for application for this or the part of your application which you a container rising like it can be a micro service AB all the dependencies are shipped within the container and there’s also obviously better utilization if you compared to a physical server where you might run only one service you’ll have some Headroom left over that that your service isn’t utilizing and if you use elastic cloud for instance you can have some dynamic scalability but if you go fully like if you can deploy just containers your container host can be smart about where to allocate the next container to fully utilize the hardware that’s available so that’s better cost performance and if you split up your web application and services into multiple containers then you can scale individual type of container so for instance you have a one container for one container image for database one container image for app you can scale those individual so let’s talk a bit about the doctor engine it’s written mostly in gold but there’s some other stuff also namely docker compose is fig that is written in Python so what it does it uses a linux kernel namespaces to isolate the process identifiers the network inter-process communication the filesystem mounting and union file system and it uses three groups to control resource allocations so that individual containers don’t take over the entire processing power or they don’t take the entire io availability stuff like that and it split between a daemon which runs locally or on a server and the client that connects to the demon through a socket or or or a TCP port will and is secured with TLS encryption what you use to work with docker its containers but containers are made from images and images are like a read-only template that you can use to boot up a container quickly and those can be created or locally and pushed up to a central registry the docker hub or you can have a private registry for your organization where you share images and out of those images you instantiate containers which you can just run to to I don’t know deploy your app anywhere or you can use them to interactively work modifying create new containers new images out of existing containers so the docker hub it’s if you’re if you’re looking for a way to start quickly with docker it contains lots of official doctor images for application frameworks or four different for specific services that you are probably familiar with right and a little bit about orchestration the official part is made from three components and you use darker machine to provision locally or remotely

a host to be able to run the docker engine and then you can use swarm to in Easton start a swarm manager and Connect individual docker containers to this the swarm manager from where they can be controlled and dr. Campos can be used to easily declaratively set up multiple container application through a Yammer file for instance other solutions that I’ve been looking at our Cooper natives by Google which actually google has been using containers for quite a while but they had it internally and now with the advent of docker they modified their internal system I think it was called Borg to be compatible with containers and so you can deploy declaratively to google web search google cloud services or or for instance amazon or privately and another popular solution is days which is a bit more complex system for basically having your own Heroku platform as a service right so to start off there’s usually some things you might have to do but if you use the Installer those will be done for you and you will have you will have a virtual box dr. host on your computer so dr. runs best on based on linux and if you’re developing on Windows or Linux are Mac what you’ll actually do is have dr. run inside our at the end and then yeah yeah yeah ok so you okay so what you do is you run this country command which sets a few a few environment variables and these specify where your darker host is and this one is this is actually my virtual box virtual machine IP and port and where certificates for search for encrypting communications reside and stuff like that so now that I have this I can check what containers I have running now I don’t have any but I can go back and see like all the stuff I had running previously and I get hmm listen which case me yeah so I get container IDs which I can then use to make images out of those containers or resurrect them again so let’s just demonstrate quickly how fast it is to boot up a docker image of for instance hello world so what we do is darker run hello world and this oh I already tried this at home so it actually used the local cache what this did was it checked whether I have the hello world image and before at home when I didn’t have it it connected to the darker hub and downloaded the latest version of that image created a container locally from that image and launched the container printed out the output this hello from darker and the instructions and it killed it so if I go dr. PS there’s again nothing running but if I want to run something interactively and with a terminal attached I can run for instance an image of ubuntu very easily I think I need to say run so this

is also cashed but what it does it connects to the docker hub and it downloads an image of ubuntu Sophie so if you check this is linux running within a container so you can run yes within doctor yes so it’s automatic it’s it connects to the dr registry well those are usually like 70 or 80 megabytes so it’s literally as long as it takes for you to download 80 megabytes unwilling to try it here but i don’t know what what’s the thing that i would ha another 12 okay which is the dot version ok so now it says it wasn’t able to find it locally and found health and that’s it not doesn’t work I don’t know it’s downloading so I’m going to check out now I’m gonna see if there’s like maybe there’s a newer image instead ok so i guess i don’t i don’t have internet here for or do I no problem I’ll see if this if now which works we and so let’s see and ubuntu official tags here so yeah they do have 1204 here that’s okay this is a 2009 laptop so it’s taking a bit to load up the machine in the meanwhile i can check out like some stuff i wanted to show you may be right ports and linking cool so ok well now let’s see if we can get this right so it’s 42 megabytes and now it’s downloading it from the from the docker hub and it should should be running I said to run demonized just so to show that how about what it looks like when it’s detached so here we have a long ID for the application and we can also see it which I think I won’t be able to okay so now it’s executing the command sleep 16 and we can see sleep don’t you okay the weekend for instance connect to this to this container again by making it

executes another command like bash suppose and yeah we’re inside 12 12 well the thing is though that after this if you can see this process identifiers are unique to the docker to the docker container they don’t you that you don’t share process identifier space with the host and usually when the process with the PID one dies the container is done so that’s why before I could I couldn’t see it another thing the darker supports is port mapping so for instance if you have internal services that expose HTTP or similar reports you can map those locally so let’s run on nginx server and what we’ll do is we’ll have it pick its own boards and we’ll see here that it is forwarding its internal port 80 to to this high high port over here and what we need to do is you need to find the IP of our Virtual Box machine and we’re able to count communicate with this specific instance of engine X that is running within a container and what you might want to do is a socket those ports somehow with a proxy or something like that another thing that you could do is build an image that contains certain files like so I checked darker machine to to find the IP of the VirtualBox yeah this this was actually running an engine X container so it’s still running I previously downloaded an NG next container which I think contains small linux and engine X inside yeah so let’s see for instance you have a piece of static code here which is hello world and you want to create a container that ships with engine X and this static code embedded inside what you would do is make a docker file which in which you can say in which you can put a few statements the from statement decides from which docker image would you would like to build your image so you can say boom 24 1204 if that’s your thing to start with or you can use one of the official images like the engine X and then the copy command copies the contents of the working directory into a specified location within the image and then there’s a few other commands like add I think four volumes or anyways let’s try this what you do is you choose to build an image you give it a version and you’re specifying which directory and because I’m now in this directory I i created a new image so if I check docker images I have this image which I just

created here that contains that have a world code and contains engine X so now if in the future I would like to run this image I can just right so i can run a docker image which is it so here we see it running on port 3277 one and it contains both engine X and the code that we gave it another option to do to use when you’re developing is to run an image with some folders from the host mounted so you can change the source code while without restarting or rebuilding the containers what happens with mounted volumes is that they don’t even if internally they don’t transfer into the next image so those are perfect for like working sets but typically when you would deploy a docker image to production you wouldn’t like to you wouldn’t like to expect the host to have your source code because it’s it’s better to encapsulate it within an image this is good for development and another option is linking containers between each other and that’s done by so let’s say I have this placed in somewhere right you so I’ve now decided to run on image of postgres and give it an alias of database and because it’s not on this computer it’s being downloaded from docker hub and I should soon have in the background or a running database and the next thing to do is to run like your app or for instance your Ruby application or some other piece of infrastructure that connects to that image let’s say yeah that’s okay cool so now if we check under darker we have this engine X running which has a has a connection to the pole postgres and we can check this out if for instance we asked for a terminal right so if we check inside the etc hosts file will see that this there is an IP that is bound to the alias that we that we specified before and I guess we can try and ping it but I don’t think there is a post rest client in this engine X image installed but we could yep

does anyone know the syntax for connecting to a host name okay so this part of the demo will have to skip okay let’s see what else I have to say right so there’s a quite a good documentation at dr. calm and the docker hub contains a bunch of images for you to start work with like maybe some stuff you don’t even need to touch like a ready sora memcached image you just put it into your stack end and run along with it but of course there are a little bit bigger complications want to get to actually deploying this introduction and so if there’s anyone that has like number one pain point when using the doctor in production well does anyone have any contributions comments okay layers when you come to like 40 layer it’s priscilla three days that means if you export to dark removes all system quite slow when crepitus test it’s past due to instantiate a new image that’s the only thing that’s fasted okay and what do you guys use for the sharing secrets with in production with the systems okay right so there’s obviously darker is the on one hand it’s it’s great for production but it takes a little bit more orchestration to manage discoverability and sharing secrets but it’s very good for development as well because you can quickly get the developers on board by just giving them a darker image that contains all the dependencies for the apt a1 you want to work with so in your experience does anyone know do you guys use big docker images with all the dependencies bundled inside or you do you prefer to use smaller darker images with each service in its own image have to go back once you go to the doctor image and white black secure building like a pro correct whatever really going the other thing is dr. is configured the boss you can take a cure your image or your container goes well they use a custom operating system intended to running docker containers or Ubuntu ok no I hope I thought must admit I don’t

have much experience because our application has 50 users so we didn’t require darker for deployment yes but i use it for playing ground exploring right now we use the regular Ruby deployment tools without containers just there’s only one of me I don’t I don’t need container set okay so another thing meet tubs I would like to invite all of you that have more experience with docker to join me in the docker meetup group and maybe we can get together and form a little bit more sophisticated curriculum for for for those that want to start using and deploying docker in their organization in production and I think most everyone here can can get either a docker t-shirt or a sticker so you’re welcome to get some dark shirts and that’s it for me for today thanks yes right so right now you can use an integration testing server to after your tests are completed successfully build a docker image and for for shipping to production or you can actually have the docker hub can go into your git repository and after your git repo receives a commit it can automatically build a new image and so if there’s if there are commands within that image you could just constantly for instance fetch the latest image and run the testing command and that could that image can contain the entire testing stack for that you have so you don’t need to have the testing environment installed wherever you want to run tests for your app you just need to have a container image that is that pulled the latest version of the code from github and you can run that container image and get a report on whether your tests are failing or passing well I didn’t have this this experience but maybe we can like sit down afterwards and then find a solution to that I don’t know sorry fig Doh I mean I use this regular doctor logs command which so there is a darker logs command that shows the the output from the service yeah so if you run a single

service that out outputs into the standard out that’s pretty convenient but if you don’t then you have to make a mounted folder on your host which collects the log files no but I know some people they use the regular syslog files and some use network files there’s a good image by fusion a good image by the fusion that has syslog properly configured that can be used for that does anyone else have experience with collecting logs from dr. running docker images okay okay i hope you enjoyed both talks and i hope to see you again next month but for now thanks for coming and thanks again to our three sponsors my computer 40 to receive offer streaming to polygon for having a soup to total for having our rings just a second you know okay okay so who’s gonna get the Ruby my license lookup okay come to me after it thank you again for coming there are drinks in the bar just go there and take whatever you want write it down and as people both presenters if you have any questions or just mingle you know and yeah see you next month you don’t want you can take any any product of theirs doesn’t have to be really line yeah meet you Marco are you here no no Robert you don’t need okay does anyone want any jetbrains product okay come here cool it’s yours okay seriously thank you again for coming mingle the Chicago songs on me