The use of Docker as an application container management system has become standard practice for developers and systems engineers in the space of just two years. Some like to say that haven’t seen such a technological advance since OpenSSH. Docker is now a major player and is widely used in cloud systems architectures. But more than just that: Docker knows how to win developers over.

Let’s take a look at an overview of what we’ve done with Docker, as well as an assessment of the future and of the competition that is appearing on the horizon.

So what is Docker again?

Docker is a microcontainer management tool that uses libcontainer. Developed in Go by Solomon Hykes, Docker became open source in 2013 and was quickly adopted by key accounts. The tool’s flexibility was a game changer.

Before its arrival, creating an application container required a mastery of relatively advanced concepts. LXC had already started to grab the lion’s share, giving “pure virtualization” solutions a run for their money. OpenVZ and Xen also played some role. But those systems were mostly designed for server solutions, and demanded considerable configuration work.

Let’s be clear: Docker is not a replacement for LXC, OpenVZ or Xen. And it’s not a virtualization solution the way that KVM, VirtualBox and VMWare are. Docker has another vision, another method of operation, and does not serve the exact same purposes.

Like OpenVZ, Xen and LXC, Docker uses the principle of rootfs, which is nothing more than a root file system. It uses a tree structure as the root for a remote system (like chroot would do) and offers a network layer and a set-up system. But it also has its share of differences.

First, its images and containers are layered using union mount filesystem (as aufs, devicemapper, …). On the one hand, this saves disk space, but it also makes it possible to quickly build a container without copying an entire root.

The other difference is that Docker avoids the initialization phase of the guest system. In other words, the container’s root is only used as an environment for the targeted application.

Lastly, Docker comes standard with the ability to manage an image versioning registry. By default, a public registry is used. That registry offers a multitude of off-the-shelf images (either official images or images submitted by users in the community), as well as a private space that can be made available for a fee. In theory, Docker is quite similar to Git and its Hub could be compared to a service like GitHub. It also uses common concepts like commits, tags and a remote registry server.

The community has been active around the project, proposing tools for autostarts (fig, now Docker Compose) or for simplifying cloud integration and administration processes (CoreOS), monitoring tools (cAdvisor), and the list goes on.

Today, Docker is flooding the IT world. OpenStack, Amazon, Google, CoreOS, and more: they’re all looking into this technology, if they haven’t already integrated it with their infrastructure.

But competition is coming!

Convenient for systems

Docker’s primary appeal is undoubtedly its ease of creating containers to manage microservices. A container is, first and foremost, a way to completely isolate an application. Thanks to its libcontainer library, Docker uses that memory and process isolation through the management of cgroups.

Docker won’t open a port on the host machine unless specifically asked to do so. If two containers need to communicate via the IP layer, they can be linked together so that those two instances can communicate using names instead of IP addresses (that may change each time containers restart).

Cloud scaling

Docker has become very popular in the cloud for the low level of resources that it uses, its volume management and its union mount filesystem, which reduces the disk space needed. In studying how Docker works, you realize that it is very simple to create a scalable and/or high availability system.

The “docker” command is in fact a simple REST client that communicates with the daemon. By default, the service (daemon) creates a unix socket (/var/run/docker.sock) that supplies that API. The “docker” commands merely use the API.

The API can be used to listen to events like when a container is created, started or stopped. When you work with the information provided by this API, you can determine which container is running which service, on which port, etc.

If you don’t want to or are unable to use the structures required by CoreOS, OpenStack, etc., you may be able to create your own architecture and tools, relatively easily. The API is fairly simple to access and highly effective.

Here is an example of architecture used in one of our projects.

In this arrangement:

  • Each physical slave server has a discovery service that listens to the Docker socket.
  • When a container starts or stops, the service sends the information to the master server.

The master server can then take appropriate action, such as by modifying the nginx server’s configuration, or deleting/removing an upstream server.

Another option is to change Docker’s configuration so that the API is accessible in TCP mode (making it network accessible). In this specific case, a small client connects to all the slave servers and listens to all their events. Otherwise, the principle is the same as above: each event will allow an upstream server to be added or deleted in nginx (for example).

The difference here is that the master must handle all the connections to all the slaves. The previous method is less costly, because the slaves are the ones connecting to the master.

In both cases, the primary server is notified each time a container starts or stops and can modify the primary nginx server, restart containers or prevent an incident.

It’s also certainly possible to set up two master servers for failover management. The solution is adaptable and easy to maintain.

Convenient for developers

True, Docker is really suited for systems administrators. But it can also be seriously useful to production, i.e. for developers. One solution that we used for a customer was a combination of Dockerfiles and docker-compose files (for retrieval of the fig project by Docker).

The idea is to define what a developer’s workstation needs to run the project, and then to create Dockerfiles (if needed) that will build images in line with the constraints, as well as a docker-compose.yml file linking the containers.

Then, when using a version control server (Git, Mercurial, SVN, etc.), you simply set up the project directory to include those files and the project’s source code and to specify the volumes to be fed to the containers. Next, the team retrieves the project, and the only command needed to start the services is “docker-compose up”.

Let’s take the example of a Drupal project. Two containers can be used:

  • a MySQL container;
  •  a container with Apache + the PHP module.

Drupal’s source codes are placed in “/src” and sent to the Apache container. This is the principle of volume: a local directory or file on the host can be attached to one or more containers in a specific directory. You then do the same for the MySQL storage directory so as not to lose the records saved to the database.

The Dockerfile could for example be:

FROM debian:7
MAINTAINER admin-dt@smile.fr
# Install software
RUN apt-get update && apt-get install apache2 php5 php5-mysql libapache2-mod-php5
# Start Apache
CMD /usr/sbin/apache2ctl -D FOREGROUND

And the docker-compose.yml file:

web:
     dockerfile: .
     volumes:
     - "./src:/var/www/drupal
     ports:
      - "8080:80"
     links:
      - "db"
db:
     image: mysql
     volumes:
     - "./data:/var/lib/mysql"

The “web” service is linked to “db” (see the “links” directive in the example above), so it is possible to read environment variables that supply MySQL addresses and ports (presented in its Dockerfile).

Here, for example, the following variables are accessible in the “web” container:

  • DB_PORT_3306_TCP_ADDR=172.17.1.24
  • DB_PORT_3306_TCP_PORT=3306
  • etc.

Resolved container names can also be used, and “web” and “db” are considered to be machine names in the two containers.

In other words, the address “mysql://db” is resolved. You then just need to modify the Drupal configuration file to access the database, and your work is done. The project will have the following structure:

  •  ”data/” to store MySQL data;
  •  ”src/” containing Drupal’s source code;
  •  ”Dockerfile” to create the Apache/PHP image;
  •  ”docker-compose.yml” which describes how to launch the containers.

To keep our example simple, we didn’t mention that the Apache configuration files are also volumes that are shared with the containers. The end result is that the web server’s configuration is modifiable.

You will also have noticed that the port bind has also been handled. Because developers don’t necessarily have the rights to use port 80, we map the local port 8080 to the Apache container’s port 80. The developer just needs to visit 127.0.0.1:8080 to see the Drupal instance in action.

To understand this connection, take a look at the diagram below.

Competition

It might almost seem like Docker is alone in its world, bathing in its sea of praise. But remember that Docker uses libcontainer and cgroups, meaning that, to be able to use those kernel capacities, the service has to run as a root. And this could potentially be exploited.

This is actually CoreOS and other’s criticism of Docker, despite its evident attraction to this technology, which allowed CoreOS to create one of the best-known cloud systems today. Docker requires root rights in order to interface with cgroups. But a service that runs as a root could potentially create a hole in the system.

Docker’s development team gave a courteous response. It’s clear that future upgrades will take that issue into account and that any suggestions for correcting these flaws (which have not caused any particular problems so far) will be examined with interest. But don’t panic: the likelihood of this flaw being exploited is relatively low. To date, the only fault that has been exploited dates back to a 2014 version (1.0), and it has since been plugged.

In short, CoreOS decided to create its own container system (that can use Docker images) named Rkt (pronounced “rock-it”). But there is nothing to stop you from continuing to use Docker with the CoreOS solution. Rkt had only just been announced when LinuxContainers (the umbrella project behind LXC) publicized the development of LXD in cooperation with Canonical.

As you can see, everything is in place for container management to move as close as possible to the kernel and, as a result, for performance levels to soar.

The more time passes, the more containers are becoming a necessity.

But what about Windows and OS X? For OS X, there has been no announcement and there is no existing product. The use of boot2docker (a virtual machine created to run Docker) is therefore not optional. Windows also requires boot2docker for now, although a recent announcement suggested the possibility of seeing containers running on Microsoft’s OS. To be continued…

Conclusion

Docker is clearly a technology suited to both development and systems administration. Its contributions toward simplification and performance, as well as its adaptability, make it possible to easily set up services in a way that was previously inaccessible. Regardless of your infrastructure’s size, Docker has options for you.

But its strengths can also be put to use for production. Development is becoming standardized, and the line between developers and systems is becoming ever finer. It remains to be seen how much evolution the next versions will present, and what the competition will offer.

For now, Docker is still king in this domain

Image credits : Wikimedia Commons

Written by Patrice Ferlet

http://opensource.com/users/metal3d

Recommended For You.

https://www.youtube.com/watch?v=ojZT1sKCGQs  

68 Replies to “High Availability Kubernetes on Bare Metal [A] – Muhammad Kamran Azeem & Henrik Høegh, Praqma”

  1. Oh my goodness! Incredible article dude! Many thanks, However I am
    experiencing troubles with your RSS. I don’t understand the reason why I can’t join it.
    Is there anyone else having identical RSS problems? Anyone that knows the solution will you kindly respond?
    Thanx!!

  2. I really adore your website and find most of your blog posts to be exactly what I’m interested in. Do you offer guest writers to write content for you? I would not mind creating a post about how to watch free movies online or even on most of the topics you write about on this site. Cool site!

  3. I want to express my admiration for your kindness supporting visitors who really want assistance with this concern. Your very own commitment to getting the message up and down ended up being really beneficial and have usually enabled women just like me to reach their desired goals. This insightful guideline indicates a whole lot a person like me and a whole lot more to my peers. Thanks a lot; from each one of us.

  4. What i do not realize is actually how you’re not really much more well-liked than you might be right now. You’re very intelligent. You realize thus considerably relating to this subject, produced me personally consider it from a lot of varied angles. Its like women and men aren’t fascinated unless it is one thing to accomplish with Lady gaga! Your own stuffs excellent. Always maintain it up!

  5. I do not even understand how I stopped up right here, but I thought this publish used
    to be great. I don’t know who you’re however
    definitely you are going to a well-known blogger if you happen to are not already.
    Cheers!

  6. Hello There. I discovered your blog the usage of msn. That is an extremely neatly written article.
    I will be sure to bookmark it and return to read
    more of your helpful info. Thank you for the post.
    I will definitely return.

  7. It’s a shame you don’t have a donate button! I’d certainly donate to this brilliant blog!
    I suppose for now i’ll settle for book-marking and adding your RSS feed to
    my Google account. I look forward to brand new updates and will share this blog with my Facebook group.
    Talk soon!

  8. That image is associated with a certain historic period of piracy
    that has caught hold of the imagination. There is even a greater probability that these have
    been formerly exhibited inside the malls and however remain unknown to the public.
    However, some of these proxy sites are a bit inconsistent and
    often cause your net speed to go down a bit.

  9. I came over here via another web address on dental bridge cost and imagined I might as well consider this. I like what I see therefore now I”m following you. Getting excited about checking out your website again.

  10. I am seriously enjoying the theme of your internet site. Do you ever run into any kind of web browser compatibility troubles? A few of the website readers have lamented about my porcelain veneers website not operating effectively in Internet Explorer but seems very good in Chrome. Are there any tips to assist repair that problem?

  11. Hello, you are definitely correct. I frequently read through your site content carefully. I’m likewise focused on emergency dentist, maybe you might discuss that at times. I’ll be back soon!

  12. I know this if off topic but I’m looking into starting
    my own weblog and was curious what all is needed to get set up?
    I’m assuming having a blog like yours would cost a pretty penny?

    I’m not very web savvy so I’m not 100% certain. Any suggestions or advice would be
    greatly appreciated. Kudos

  13. It’s really a nice and useful piece of info.

    I am satisfied that you just shared this useful info with us.
    Please keep us up to date like this. Thank you for sharing.

  14. Great beat ! I wish to apprentice whilst you amend your site, how could
    i subscribe for a weblog web site? The account aided me a
    applicable deal. I were tiny bit acquainted of this your broadcast provided brilliant transparent concept

  15. Very nice post. I just stumbled upon your weblog and wished to say that I’ve truly enjoyed browsing your blog posts. In any case I will be subscribing to your feed and I hope you write again very soon!

  16. Hi there! Someone in my Myspace group shared this site with us so I came to give it a look. I’m definitely loving the information. I’m book-marking and will be tweeting this to my followers! Superb blog and excellent design and style.

  17. Hello, Neat post. There is an issue together with your web site in internet explorer, may
    test this? IE still is the market chief and a large portion of people will leave out your excellent writing because of this
    problem.

  18. I’m truly loving the theme/design of your information site. Do you ever come across any kind of internet browser interface issues? A lot of my website audience have complained regarding my how to watch movies online website not operating properly in Explorer but seems excellent in Safari. Do you have any kind of solutions to aid fix this matter?

  19. I’m definitely loving the theme/design of your site. Do you come across any kind of browser interface troubles? Some of the website visitors have complained regarding my free movie website not working the right way in Explorer yet seems awesome in Safari. Do you have any recommendations to aid repair the issue?

  20. Simply wish to say your article is as astonishing.
    The clarity to your submit is just cool and i could
    suppose you’re an expert on this subject. Well along
    with your permission let me to grab your RSS feed to stay up to date
    with impending post. Thanks one million and please carry on the enjoyable work.

  21. Oh my goodness! Incredible article dude! Thank you,
    However I am going through problems with your RSS. I don’t know why I cannot join it.

    Is there anyone else having the same RSS problems?
    Anyone who knows the answer can you kindly respond?
    Thanks!!

  22. I don’t even know how I ended up here, but I thought this post was great.
    I don’t know who you are but definitely you are going to a famous blogger
    if you are not already 😉 Cheers!

  23. Hi there, I’m really thrilled I discovered your blog page, I basically encountered you by mistake, while I was browsing on Bing for mesothelioma law cases. Anyways I’m here now and would really enjoy to say kudos for a tremendous write-up and the all-round fun site (I also enjoy the design), I don’t have time to go through it entirely at the moment but I have book-marked it and moreover added in your RSS feed, so whenever I have sufficient time I will be back to look over more. Make sure you do keep up the amazing work.

  24. I came over here from some other page on the subject of free mesothelioma advice and considered I should look at this. I enjoy the things I see thus I am just following you. Getting excited about checking out the blog again.

  25. Fantastic website you have here but I was curious
    about if you knew of any forums that cover the same topics talked about here?
    I’d really love to be a part of community where I can get opinions from other experienced individuals that share the same interest.
    If you have any suggestions, please let me know.
    Cheers!

  26. Hey! Quick question that’s totally off topic.
    Do you know how to make your site mobile
    friendly? My blog looks weird when viewing from my iphone4.
    I’m trying to find a theme or plugin that might be
    able to resolve this problem. If you have any recommendations,
    please share. Thanks!

  27. I’ve tried restarting my telephone, uninstalling/reinstalling Battle Royale, setting my Play Retailer to my
    private e-mail, and changing my google play sign-in on CRoy to my non-public gmail, so it’s undoubtedly set onto it.
    Although it doesn’t have quite a bit in the sense of should – see monuments, should you dig deeper you’ll
    really discover some hidden (and not so hidden) gems away from
    the everyday touristy spots.

  28. Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you can do with some pics to drive the message home a bit, but instead of that, this is fantastic blog. A great read. I’ll certainly be back.

  29. I don’t know whether it’s just me or if perhaps everyone else experiencing issues with your blog.
    It looks like some of the text in your content are running off the screen. Can someone
    else please provide feedback and let me know if this is
    happening to them too? This might be a problem with my internet
    browser because I’ve had this happen previously. Thank you

  30. I like the helpful information you provide in your articles. I will bookmark your blog and check again here frequently. I’m quite certain I will learn many new stuff right here! Best of luck for the next!

  31. Hello! I know this is kinda off topic but I was wondering if you knew where I could find a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!

  32. This design is incredible! You certainly know how to keep a reader entertained. Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Great job. I really loved what you had to say, and more than that, how you presented it. Too cool!

  33. Hey there, I think your site might be having browser compatibility issues. When I look at your blog site in Safari, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, amazing blog!

  34. Hello, Neat post. There’s an issue along with your website in web explorer, might test this… IE nonetheless is the market chief and a good part of people will leave out your excellent writing because of this problem.

  35. I was curious if you ever considered changing the page layout of your site?
    Its very well written; I love what youve got to say. But maybe you could a little more
    in the way of content so people could connect with
    it better. Youve got an awful lot of text for only having
    one or 2 images. Maybe you could space it out better?

  36. I’m extremely pleased to discover this great site. I want to to thank
    you for your time for this wonderful read!! I definitely savored every
    part of it and I have you bookmarked to check out new stuff in your website.

  37. You can certainly see your expertise in the article you write.
    The sector hopes for even more passionate writers such as you who aren’t afraid to mention how they believe.
    All the time go after your heart.

  38. Hello There. I found your weblog using msn. That is a
    really smartly written article. I’ll make sure to bookmark it and come back
    to read extra of your useful info. Thanks for the post.
    I’ll certainly comeback.

  39. You’re so interesting! I don’t suppose I have read through a single thing like that
    before. So nice to find somebody with a few unique thoughts on this subject.
    Really.. thanks for starting this up. This website is one
    thing that is needed on the internet, someone with
    some originality!

  40. I’d like to thank you for the efforts you’ve put in penning
    this website. I am hoping to see the same high-grade content by you later on as well.
    In fact, your creative writing abilities has motivated me to get my own site now 😉

  41. What i do not realize is in reality how you are
    not actually a lot more smartly-liked than you might be now.
    You’re so intelligent. You realize thus significantly on the subject of this topic,
    produced me in my view believe it from so many various angles.
    Its like men and women are not involved unless it is one thing to
    accomplish with Woman gaga! Your individual stuffs outstanding.
    Always deal with it up!

  42. Hey! I’ve been following your website for a while now and
    eventually got the nerve to go ahead and give you a shoutout from the
    USA! Just wanted to say carry on with the fantastic
    work!

  43. I’m amazed, I must say. Seldom do I come across a blog that’s equally educative and entertaining,
    and let me tell you, you have hit the nail on the head.
    The issue is an issue that too few folks are speaking intelligently about.
    I am very happy I came across this in my hunt for something concerning this.

  44. I don’t even know how I ended up here, but I thought this post
    was great. I don’t know who you are but certainly you are going to a famous blogger
    if you aren’t already 😉 Cheers!

  45. I have been surfing on-line more than three hours these days, but I never found any attention-grabbing article like yours.
    It is lovely price sufficient for me. In my opinion, if all site owners
    and bloggers made just right content material as you did,
    the internet can be much more helpful than ever before.

Comments are closed.