Introduction to Docker, from Jitendra Kumar Patel

Abstract: Introduction to Docker, from Jitendra Kumar Patel. Jitendra Patel, M.Tech from International Institute of Information Technology, Bangalore (Pursuing). Experience in Teaching. Expertise in Ethical Hacking, Network Security, Reverse Engineering, Wireless Security, Technical Analysis. Working as an Offline Instructor at Innobuzz Knowledge Solutions. Tech Enthusiast.

Jitendra Patel
M.Tech from International Institute of Information Technology, Bangalore (Pursuing)
Experience in Teaching
Expertise in Ethical Hacking, Network Security, Reverse Engineering, Wireless Security, Technical Analysis
Working as an Offline Instructor at Innobuzz Knowledge Solutions
Tech Enthusiast

A dotCloud (PaaS provider) project
Initial commit January 18, 2013
Docker 0.1.0 released March 25, 2013
18,600+ GitHub stars, 3800+ forks, 740 contributors… and continues
dotCloud pivots to Docker, Inc. October 29, 2013

What is Docker?
Open platform for developers and sysadmins to build, ship and run distributed applications
Can run on popular 64-bit Linux distributions with kernel 3.8 or later
Supported by several cloud platforms including Amazon EC2, Google Compute Engine, and Rackspace. 

Minimal overhead (cpu/io/network)
Based on Linux containers
Uses layered filesystem to save space (AUFS/LVM)
Uses a copy-on-write filesystem to track changes
Can run on any Linux system that supports LXC (today). 
0.7 release includes support for RedHat/Fedora family.
Raspberry pi support.
Future plans to support other container tools (lmctfy, etc.)
Possible future support for other operating systems (Solaris, OSX, Windows?)
A Docker container contains everything it needs to run
Minimal Base OS
Libraries and frameworks
Application code
A Docker container should be able to run anywhere that Docker can run.

The Challenge

The Matrix From Hell

Cargo Transport Pre-1960

Also a Matrix from Hell

Solution: Intermodal Shipping Container

Docker is a Container System for Code

Docker Eliminates the Matrix from Hell

Why it Works: Separation of Concerns

Docker Architecture
Docker Engine
–Docker Daemon
–Docker Registry 
Docker Hub
–Cloud service
•  Share Applications
•  Automate workflows
•  Assemble apps from components
Docker images

Docker containers

Docker images
uses a Union File System
a read-only Layer
do not have state
Basically a tar file
Has a hierarchy
•  Arbitrary depth
Fits into the Docker Registry 

Containers before Docker

Containers after Docker 

How does Docker work?
You can build Docker images that hold your applications
You can create Docker containers from those Docker images to run your applications
You can share those Docker images via Docker Hub or your own registry

Virtual Machine Versus Container

Docker Container Lifecycle
•  The Life of a Container
– Conception
•  BUILD an Image from a Dockerfile  
– Birth
•  RUN (create+start) a container    
– Reproduction          
•  COMMIT (persist) a container to a new image           
•  RUN a new container from an image  
– Sleep        
•  KILL a running container     
– Wake     
•  START a stopped container  
– Death       
•  RM (delete) a stopped container 
– Extinction
•  RMI a container image (delete image)

Linux Cgroups
•  Kernel Feature  
•  Groups of processes  
•  Control resource allocations  
– CPU       
– Memory    
– Disk       
– I/O  
•  May be nested

Linux Kernel Namespaces
•  Kernel Feature  
•  Restrict your view of the system  
– Mounts (CLONE_NEWNS)   
– UTS (CLONE_NEWUTS)         
•  uname() output   
– Networks (CLONE_NEWNET)   
– User (CLONE_NEWUSER)         
•  Not supported in Docker yet        
•  Has privileged/unprivileged modes today  
•  May be nested 
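
Added example (not part of the original slides): one way to check which of the namespaces listed above a container process actually has to itself, by comparing the namespace identifiers the kernel exposes under /proc/<pid>/ns with those of the host's PID 1. The function names and the sample identifiers are assumptions constructed for illustration.

```python
import os
import re

# /proc/<pid>/ns entry -> clone(2) flag, limited to the kinds the slide lists.
SLIDE_NAMESPACES = {"mnt": "CLONE_NEWNS", "uts": "CLONE_NEWUTS",
                    "net": "CLONE_NEWNET", "user": "CLONE_NEWUSER"}
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_links(links):
    """Map {'net': 'net:[4026531956]'} to {'net': 4026531956}; reject anything else."""
    ids = {}
    for name, target in links.items():
        m = NS_LINK.match(target)
        if m is None or m.group(1) != name:
            raise ValueError(f"unexpected namespace link {name}: {target!r}")
        ids[name] = int(m.group(2))
    return ids


def read_ns_links(pid):
    """Read the live links for a PID (Linux only; other users' PIDs need root)."""
    links = {}
    for name in SLIDE_NAMESPACES:
        try:
            links[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            pass  # kernel lacks this namespace type, or access was denied
    return links


def isolation_report(host_links, container_links):
    """Label each namespace 'isolated', 'shared' with the host, or 'unknown'."""
    host, cont = parse_ns_links(host_links), parse_ns_links(container_links)
    report = {}
    for name, flag in SLIDE_NAMESPACES.items():
        if name not in host or name not in cont:
            report[flag] = "unknown"
        else:
            report[flag] = "shared" if host[name] == cont[name] else "isolated"
    return report


# Constructed sample data (not captured from a real host): PID 1 on the host
# and a container process that has no user namespace of its own.
HOST_PID1 = {"mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]",
             "net": "net:[4026531956]", "user": "user:[4026531837]"}
CONTAINER = {"mnt": "mnt:[4026532281]", "uts": "uts:[4026532282]",
             "net": "net:[4026532285]", "user": "user:[4026531837]"}

if __name__ == "__main__":
    for flag, state in isolation_report(HOST_PID1, CONTAINER).items():
        print(f"{flag:14} {state}")
```

A "shared" result for CLONE_NEWUSER means UID 0 inside the container is UID 0 on the host, so the other namespaces and the container's restricted privileges are what stand between a root process in the container and the host. On a live system, pass `read_ns_links(1)` and `read_ns_links(<container process PID>)` in place of the constructed dictionaries.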

Dockerfile
•  Like a Makefile (shell script with keywords)
•  Extends from a Base Image
•  Results in a new Docker Image
•  Imperative, not Declarative
•  A Dockerfile lists the steps needed to build an image
•  docker build is used to run a Dockerfile
•  Can define default command for docker run, ports to expose, etc.

Docker CLI Commands (v1.1.2)

Contributing to Docker
Want to hack on Docker?
Reporting Security Issues
Design and Cleanup Proposals
Reporting Issues
Build Environment

Easy to build, run & share containers
Rapidly expanding ecosystem
Better performance vs. VMs
Layered file system gives us git-like control of images
Reduces complexity of system builds
Red Hat - Project Atomic Host, and certifications - containerized applications, Geard and OpenShift. 
Google is expected to tightly integrate containers with its IaaS and PaaS offerings.