-
VAMSEE KANAKALA: Hello everyone. Very good
afternoon.
-
I really enjoyed the lightning talks, thanks
-
everyone. And I hope you guys are slightly
awake.
-
So, this is slightly off the center topic,
so,
-
this is more about dev-ops rather than Ruby
or
-
Rails, per se. So I'd like to know who
-
all are already familiar with Docker, have
tried out
-
or just know what it does and stuff like
-
that. OK, not too many. Sorry about that.
So
-
I've been a web developer for eight, for quite
-
some time. And a good part of it is
-
Rails. Actually the, I actually remember the
days when
-
the fifteen minute video came out. So all
through
-
these years I have also kind of ended up
-
setting up servers for the Ruby teams that
I
-
worked with, and have been the Linux guy for
-
as long as I can remember, as in the
-
professional life of mine. And so I thought,
so
-
lately I've been observing what's happening
on the production
-
side of things, so I guess a bunch of
-
you- so how many of you have set up
-
your own Rails servers, maintained them? Oh,
quite a
-
few. OK. Then, this should be relevent to
what
-
you're doing. So the point of, so we're gonna
-
talk about zero downtime deployments with
Docker. So the
-
point of this is, so what is Docker? So
-
the first thing that Docker does is it basically
-
commoditizes LXC. LXC is Linux Containers.
So the containers,
-
you can think of them as something like chroot
-
jail, change root jail, you have in Linux.
So
-
what it, what it basically does is it gives
-
you a separate folder as a root, and you
-
can run off your processes from there, and
all
-
the children are only allowed to access that
part
-
of the directory, as a root directory. A container
-
extends this concept by giving you isolation
on the
-
memory level, it gives you isolation on network
level,
-
it gives you isolation on hard disk level.
So
-
LXC is a fairly old technology in Linux, but
-
it has been mostly in the realm of people
-
who understand Linux pretty well, or sysadmins
who are
-
trying to achieve something on the production
side. So
-
Docker basically makes this accessible to
all of us.
-
So it makes portable deployments across machines
possible, so
-
you can basically have, you have, I have,
suppose
-
a vagrant box, which runs Erlang?? [00:03:19]
install, but
-
you can also, you can actually run production
systems,
-
production installs of, out of, say at 12
point
-
0 precise. So you get a lot of flexibility
-
of moving your production images around. So
there is
-
efficient and quick provisioning, so it saves
on a
-
disk, how much disk it uses, by doing copy-on-write
-
installs. I'll talk about it a little bit
later.
-
There's, it's near-native performance, it's
basically process virtualization. So
-
you're not, you're not doing hardware virtualization,
or, you're
-
not trying to support different OSs and stuff
like
-
that, so the way you, the speed at which
-
your Docker instant boots up is very quick.
So
-
you almost have no overhead at all. It also
-
has Git-like versioning of images. So you
have basically
-
a base image, which is Ubuntu, and you can
-
install something like emacs on it and you
can
-
commit it and it'll save it and it'll make
-
it into another image. Which'll also - I'll
show
-
you a little bit more about that. So that
-
enables a lot of reuse. So you can basically
-
push these images to a public depository that
Docker
-
maintains, index dot docker dot IO, so if
they're
-
public, if they're open for sharing, so you
can
-
push them out there and people can use your
-
own configuration how you, however you configured
your image.
-
And the major difference between how LXC operates,
or
-
how LXC is talked about and how Docker encourages
-
you to think about containers is that, so
LXC
-
was initially thought of as, you know, lightweight
servers,
-
which, where you install basically everything
and put them
-
up and treat them as, just like any other
-
server. Docker kind of encourages you to look
at
-
containers as an application. So you install,
say your
-
database mask in one container, you install
your app
-
server as another container, you install your,
your RDB,
-
you know, so, in another container. So, what
is
-
LXC? I actually wanted to take out this slide,
-
probably it's a little too advanced for this
talk.
-
But let - I'll try to cover this quickly.
-
So at the basic level, it provides OS-level
virtualization
-
for Linux. So compared to, say, what virtual
box
-
does for you, or KVM, or Zen, so these
-
are all hardware virtualization, so OS-level
virtualization - much
-
faster, much lightweight. Perfect for production
deployment, so. It
-
basically does this. So LXC basically provides
you one
-
process space, one network interface, and
your own init
-
framework. So your, you can be running on
Ubuntu,
-
which uses Upstart as- and your container
can use
-
systemD. That's not a problem at all. So the
-
basic isolation is achieved with cgroups.
Cgroups are control
-
groups. So what cgroups gives you is that
it
-
lets you put limits on the resource usage,
basically.
-
Whether it's network or off your disk or your
-
process usage, so cgroups gives you this nice
little
-
interface where you can do - this is definitely
-
the Linux geek- do not worry, you don't have
-
to worry about that. So the only catch is
-
that it shares the kernel with the host, so
-
you can do stuff like having an x64 image
-
and put it on i36 or vice versa. So
-
that's pretty much the only catch here and
it's
-
probably not very, not much of a catch at
-
all. So a typical docker image kind of looks
-
like this. At the most basic level you will
-
see the kernel, and you have cgroups, you
have
-
name spaces and device mapper. So Docker kind
of
-
achieves this git-like portioning through,
through a unioning file
-
system. Right now, debian-based installs use,
a UFS, which
-
is quite popular, but it has some limitations,
which
-
is, it's integrated into a debian kernel,
a debian-based
-
distros kernels, but it's not really available
in others,
-
like Santos and dev-hats ?? of the world.
[00:08:06]
-
So recently they have switched, created a
storage IO
-
which kind of lets you swap out AUFS with
-
the device-mapper, and has plans for integrating
RFS and
-
BTRFS and stuff like that. So beyond that,
you
-
see the base image, which is shipped out of
-
docker registry, and you also have images.
So I
-
installed emacs and, committed, it becomes
a read-only- so
-
bootSF is basically read-only, and once you
boot up
-
that container you'll get a writable part.
So once
-
you commit it, it'll become, again, read-only.
We'll go
-
through that. Workflow class- So the basic
workflow, I
-
will do it now again, so you basically pull
-
docker images from the public registry and
you run
-
it on your host, and you add your own
-
changes on top of it, push it back to
-
share them, or you could also build it from
-
the ground up using debootstrap and tools
like that.
-
So you also have a docker file which lets
-
you build your own images. Apart from that,
you
-
can set up a private regist- repor- registry
-
-
sorry. So the idea of private registry is
that
-
you have your own work groups and you want
-
to share these images within your company
and they're
-
not really useful for the public usage. So
this
-
is a very public registry, private registry
comes in
-
and, this is just a simple Python app, you
-
can run it on your own server and set
-
it up. So, oh, you can also sign up
-
for something like quail dot IO, which also
lets
-
you push, well, you can have your own account,
-
pay for it, and push your private images there,
-
and it's locked up. So before we go, go
-
into the Docker file part, so let me show
-
you a simple - workflow. So you have images,
-
so you can probably ignore a bunch of these.
-
Look at the last ones, which is basically
-
-
should I move that a little bit? OK. So
-
at the most basic level, when you pull from
-
Docker, say, so it will try to, so, it's
-
not gonna pull anything really, it'll just
check for
-
the layers that are available on my system,
and
-
it'll just, adjust itself. So you see several
layers
-
there, so if you look at the Ubuntu part,
-
it's actually, the Ubuntu images actually
comprised of precise
-
and quantiles, and you can use any of those
-
to take of your container. So kicking off
a
-
container is probably as simple as -
the end.
-
You can give it, you have to give it,
-
I'm taking the Ubuntu image, a basic image,
and
-
I have to give it an entry point. So
-
it will drop me into a root prompt, and
-
basically I can do, I can run app, get
-
updates, and I can install my own stuff. I'll
-
just install a small, a very tiny package,
so,
-
in the interest of time. Wow. That takes-
So
-
the basic starter image is pretty much very
stripped
-
down, you don't have most of the components
that
-
you would need. So the idea is that it
-
should be very lightweight to deploy, and
you can
-
basically add your own, your own software
on top
-
of it and commit and push it up. So
-
let's say I install nano. There you go, right.
-
That shouldn't take too long. Yeah. So you
have
-
nano here, and if I switch to the other
-
window, you can see. Docker ps. So among the
-
other ones, are you- you can see the last
-
one, which is being run here, and if I
-
actually switch, use nano there, you can see
-
-
docker - So each of the, each of the
-
containers will have its own name, so you
can
-
do - cranky - you can also set the
-
names, which is a recent feature. But otherwise
it'll
-
just regen- it'll just generate - oh, sorry.
So
-
it, it gives you what is happening inside
the
-
container. So you have a basic idea of what's
-
running inside the container. So you can also
commit
-
this. So you exit it, and you see, so
-
cranky curie is on there, so you can do
-
something like docker commit cranky curie.
Sorry. So you
-
can commit it, and it'll show up in your
-
images. Oh, I have to give it a name.
-
Cranky_curie as varsee nano. So, docker images.
You'll see
-
the one on top. It has fancy name. And
-
you can push it, you can push it to
-
the public registry, the public registry kind
of looks
-
like this. So you can search for your own,
-
whatever images that you might need for your
deployment
-
and stuff like that. So I've, you know, I've
-
been playing around with it a little bit and
-
stuff like that. So this is the public depository.
-
You can install the same thing on your private
-
servers and secure it from outside. And you
can
-
have your own image. So that's basically the
workflow
-
that you would work with. And there's a second
-
part to it. What I've done so far is
-
the manual, so I've logged into a container
and
-
I've installed stuff in it. So you basically
automate
-
it with something called a Docker file. Oh,
sorry.
-
So Docker file, so is, it's very similar to
-
what you have reg file or make files in
-
your projects. So it's a default way to build
-
it from base image. Basically upload a file
script,
-
but definitely easier to maintain. And you
have directives
-
like from, run, command, expose. So from is
basically
-
which, based on which image do I want to
-
build my docker. And you have run, basically
has,
-
or app to get install commands, whatever is
done
-
manually. And command and entry point are
very similar.
-
So I've entered into the container through
bin bash,
-
so I've basically put that in entrypoint.
And the
-
command is what passes, you pass some options
into
-
that. So I'll show you a docker file anyway,
-
so that will, that should put this, all this
-
in context. So you have, you can even add
-
files, you can copy config files from your
host
-
system into your container. You can have volumes,
volumes
-
are basically mount points. You just mount
a whole
-
directory as either read-only or read-write,
it's up to
-
you. And on the whole there are about a
-
dozen commands. It's very simple to get started
with.
-
No nonsense. And doesn't need a lot of time
-
to learn the whole thing. So, and you can
-
create your own base images using debootstrap
in centOS,
-
it's, debootstrap is basically a building
tool with how
-
you build a base image. But in that other
-
distros you have, you know you can do it
-
with other tools So zero downtime deployment.
So why,
-
why do we need that? So the most important
-
part being, you have, you know, things like
continuous
-
delivery and continuous deployments, right.
So they're subtly different
-
from each other, they're very similar concepts,
of course
-
you have continous delivery where you send
stuff, you
-
deliver your software on a regular basis and
you
-
have tight communication loops with your clients
and all
-
that good stuff - ?? and stuff. [00:17:38]
And
-
continous deployment is basically taking it
one step, and
-
I think Chad did a really good example of
-
that yesterday. So you know instead of making
your
-
deployments, say, once a week, or you know,
once
-
every few days, the idea is to make them
-
as continuously as possible with least amount
of angst
-
around making deployments. So you basically
have, I'm sure
-
you're all used to long deploys in Rails.
Migrations,
-
you know, when migrations are happening, you're
changing the
-
schema, other requests, you usually put in
a maintenance
-
page and when other requests comes in you,
if
-
you don't put up a maintenance page, you already,
-
you can get some errors and stuff like that.
-
And obviously you know about asset compilation,
it takes
-
way too long. So but these problems are not,
-
really not limited to Rails, per se. I'm sure
-
you have the same issues when you're deploying
Jangle
-
container, so Docker is basically a framework
diagnostic you
-
can run any apps on it, and. So I'm
-
trying to lay out a problem, so there are
-
two parts to this problem. So one is with
-
migrations and without migrations. Without
migrations it's usually a
-
little easier because you don't have to worry
about
-
making sure the databases are in sync and
stuff
-
like that. So with databases it's a more complex
-
scenario where you have to take a master DB
-
slave, DB, make sure they're sync, and you
have
-
something like ZooKeeper kind of keeping track
of who's
-
master, who's slave, and you switch. So I'll
try
-
to walk you through the simpler case, so we
-
can extend this to, you know, DB level. I
-
don't think I can cover other DB stuff here.
-
So you basically have a HaProxy. HaProxy is
basically
-
a reverse proxy but on steroids. So it's a
-
load balancer, to be exact. But what it does
-
is very similar to what engine x does for
-
you, you have like multiple instances, and
you are,
-
they're running on different multiple instances
of your app
-
server, they're running on different ports.
And basically enginex,
-
once a request comes enginex will do a round
-
up and allotment of you know the servers.
So
-
HaProxy does that, but also a lot more. It
-
also lets you do funky stuff like what I'm
-
gonna talk about, there's a back-up server,
and active
-
server, which you can use cleverly to do zero-downtime
-
deployments. But it also has, if you have
time,
-
I would suggest you go through the configuration
file,
-
which is very dense and long, but very interesting
-
stuff. So what we're gonna use, in HaProxy
here,
-
is that you have basically two types of, you
-
can set up two types of servers. And the
-
like, a bunch of active servers and there
are
-
like a bunch of back-up servers, and the idea
-
is that the back-up servers are not used until
-
all the active servers are down, right. So
the
-
request won't come through to back-up servers
until all
-
the active servers are down. So what we are
-
gonna, how we are gonna use that, sorry, the
-
slides are very basic, so. So, you basically
kick
-
off the deploy, kick off the image build with
-
docker, and you take down the back-up servers.
At
-
this point your HaProxy is still serving from
your
-
active servers, right. So now you bring up
the
-
new back-up server, new back-up servers with
your new
-
image, which is just being build when the
deploy
-
happened. So, and then you take down the active
-
servers. So after all the active servers are
down,
-
the requests will come in to the back-up ones,
-
right, so which is now serving your new code,
-
which has just been deployed. So after that
you
-
restart your active servers, you're back to
normal again.
-
So at the most basic level, so at least
-
you will definitely won't be able to do migrations
-
with this set-up. You have to go a little
-
bit advanced for that. But at least you'll
be
-
able to avoid frustrations with stuff like
long asset
-
recompilation, you know, long deploys that
you usually get.
-
So let me walk you through the whole thing,
-
quickly. So I was actually quite upset that
the
-
talk, the pamphlet which is being given, which
had
-
shortcuts for sublime and whim, but it doesn't
have
-
shortcuts for emacs. Which is, I object! So
the
-
idea is, OK let me start you off with
-
the simple docker file. So this should, this
should
-
- oh, OK. Yeah. Let me restart it. I'll
-
just show you on my- I think this is
-
a lot more easier to show you. So app
-
server, you have docker file. So at the most
-
basic level, I am picking it up from the
-
Ubuntu image, and basically running some adaptation
of my
-
source's list, and you have app-get update,
app-get install,
-
y. So let me run the deploy first, and
-
then I will talk about this, because I don't
-
think we'll have enough time to actually wait
afterwards.
-
OK. So this will, this will run the deploy
-
process in the background. Let me talk about
what
-
it actually does out here. OK. So let's get
-
back to our docker file. So what it does
-
- this is almost like the shell script that
-
you use for everyday automation, so, but it
adds
-
a little bit more fun to it, I guess.
-
So what I'm doing is pretty straightforward.
I'm installing
-
chruby, I hate RBM, especially for production
it sucks,
-
I mean, yeah. There are other opinions about
it.
-
But at least I have, I've thought it's the
-
easiest way to get started. So I'm basically
installing
-
some default gems, like bundler and puma,
and I'm
-
installing other dependencies. So the reason,
I am actually
-
splitting this into two docker files. So you'll
also
-
have stuff like, so. What I'm doing here is
-
that, so when I'm doing actually a deploy,
I
-
am only running this. So I'm picking up, I'm
-
installing all my dependencies in my earlier
image, and
-
I'm just reusing it for deploys I want, because
-
I want them to be pretty fast. So what
-
this does is pretty simple. It copies over
the
-
database configurations and it does a bundle,
and it
-
does a db migrate. I'm just using sqlite here,
-
so yeah. It exposes a port. So how the
-
containers talk to each other within a docker,
in
-
your host, is that through exposing these
ports. And
-
like I mentioned earlier, my entrypoint is
basically I'm
-
starting Puma there. And I'm running it in
a
-
?? [00:26:07]. Yeah. So if you look at the,
-
if you. If you look at the deployment, I'm
-
sorry- Yeah. So I don't know how much of
-
this actually makes sense. I'll just show
you the,
-
our deployment code. Sorry, the cap file,
so that
-
should make a little bit of more, yeah. OK.
-
So if you see at the bottom, you'll see
-
that I am just doing a bunch of stuff
-
there, so I'm linking from my current deploy
to
-
the vagrant, sorry, the docker container build
directory. And
-
I'm starting from the back-end servers. So
I'll, I
-
should also show you the, my HaProxy configuration.
So
-
it starts with your ports set up and you
-
actually search for those docker containers
and take them
-
down. So the build takes a- a little long,
-
so I've kind of commented it out for now,
-
but I can show you outside if you want
-
to see how that works. And it's pretty simple.
-
So at the end of it I'm just restarting
-
all my containers, so you can basically look
at
-
them here. Docker ps a. You'll see that these
-
top ones are only up for two minutes. These
-
are recently deployed. So all through, if
you look
-
at your HaProxy page, so you basically have
two
-
active ones here, and two back-up servers
here. So
-
like, and I also should show you the HaProxy
-
stuff, right. So you can pretty much ignore
all
-
this stuff. The most important part is the
last
-
two ones. So as you can see the web
-
01 and web 02 are active servers, and web
-
03 and web 04 are back-up servers. So that's
-
all it takes. So you can basically segment
your,
-
the servers like that and go at it. So
-
that's basically it. So I hope- and, a couple
-
of helpful links if, sorry if it's not very
-
visible. There's docker dot io, where you
can find
-
all of the documentation and stuff, there's
haproxy -
-
go look at it if you are doing deployments
-
through your regular day-to-day developer
life. This is a
-
lifesaving tool to learn well. And there's
dockerbook, if
-
you're - it's written by James Turnbull one
of
-
my favorite technical authors. He's written
Pro Puppet, which
-
is still quite one of my favorite books. And
-
if you want to know a little bit more
-
about the Linux part of what Docker does,
like
-
the internals of Docker, you can listen to
Jerome
-
Petazzoni, who is part of the Docker team.
So
-
he's given a really good talk, in-depth talk
about
-
it, at our next conference you should look
at
-
the video. And there are like a bunch of
-
tools you can probably look at. There's Dokku
which
-
is a PaaS. PaaS is a platform as a
-
service, what- essentially what HaDokku does,
you can build
-
your own HaDokku [00:30:06] with the Docker.
And Flynn
-
dot io, CoreOS is also very import- very interesting
-
tool. CoreOS kind of bundles Docker with a
service
-
disovery thing, like, kind of like ZooKeeper,
but it
-
is called ATCD. And it bundle system ??[00:20:21]
in
-
its framework, so if you're into deployments
this is
-
a very interesting ecosystem to look at. And
Quay
-
dot io I mentioned. It's, you can basically
upload
-
your private images there and get started.
So they're
-
like a bunch of tools. I don't know if
-
I have any time for questions, but you can
-
catch me. Sorry, but I'm available, you can
catch
-
me at any time. Thanks a lot.
