diff options
| author | Camil Staps | 2016-10-05 23:31:40 +0200 |
|---|---|---|
| committer | Camil Staps | 2016-10-05 23:31:40 +0200 |
| commit | 27683355dbc5c6bb0f8e426b5ab7c258c6bdfca8 (patch) | |
| tree | aafe81d3c01aaf8a7a7bd16c83fe23f23da0f555 | |
| parent | Introductie, dockerfiles, cli (diff) | |
Finish rough presentation
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | Makefile | 16 | ||||
| -rw-r--r-- | docker.tex | 242 |
3 files changed, 223 insertions, 37 deletions
@@ -14,3 +14,5 @@ _minted-*/ moby.svg +compiling.png +swarm.png @@ -1,5 +1,8 @@ +SHELL=/bin/bash + PRE:=docker.pdf -DEPS:=moby.pdf $(wildcard examples/*/Dockerfile) +DEPS_GEN:=moby.pdf compiling.png swarm.png +DEPS:=$(DEPS_GEN) $(wildcard examples/*/Dockerfile) AUX:=moby.svg TEX:=pdflatex @@ -15,7 +18,14 @@ all: $(PRE) convert $< $@ moby.svg: - wget https://www.docker.com/sites/default/files/moby.svg + curl https://www.docker.com/sites/default/files/moby.svg > $@ + +swarm.png: + curl https://www.docker.com/sites/default/files/docker-swarm-hero2.png > $@ + +compiling.png: + curl https://imgs.xkcd.com/comics/compiling.png > $@ clean: - $(RM) $(AUX) $(DEPS) $(PRE) + $(RM) -r $(AUX) $(DEPS_GEN) $(PRE) \ + docker.{aux,log,nav,out,snm,toc,vrb} _minted-* @@ -1,3 +1,4 @@ +% vim: spelllang=nl: \PassOptionsToPackage{dvipsnames}{xcolor} \documentclass{beamer} @@ -13,15 +14,14 @@ \usetikzlibrary{positioning} \usepackage{minted} +\setminted{fontsize=\scriptsize,tabsize=0,breaklines} +\setmintedinline{fontsize=\small,style=bw} \title{Docker} \subtitle{\vspace{1cm}\includegraphics[width=.3\linewidth]{moby}} \author[Camil Staps]{ Camil Staps\\ - {\footnotesize - \href{mailto:info@camilstaps.nl}{info@camilstaps.nl}\\ - \href{https://git.camilstaps.nl/LUGN-Docker.git}{https://git.camilstaps.nl/LUGN-Docker.git} - } + {\footnotesize\href{mailto:info@camilstaps.nl}{info@camilstaps.nl}} } \date{11 oktober 2016} @@ -37,14 +37,12 @@ \maketitle \end{frame} -\begin{frame} - \frametitle{Inhoudsopgave} +\begin{frame}{Inhoudsopgave} \tableofcontents \end{frame} \section{Introductie} -\begin{frame} - \frametitle{Wat is Docker} +\begin{frame}{Wat is Docker} \begin{itemize} \item Virtualisatie \item Lightweight @@ -52,8 +50,7 @@ \end{itemize} \end{frame} -\begin{frame} - \frametitle{Containers vs. Virtual Machines} +\begin{frame}{Containers vs. Virtual Machines} \tikzset{rm/.style={draw=red,text=red}} \tikzset{ad/.style={draw=Green,text=Green}} \begin{minipage}[b]{.49\linewidth} @@ -104,14 +101,12 @@ \end{frame} \section{Dockerfiles} -\begin{frame}[fragile] - \frametitle{Dockerfiles} - \inputminted[fontsize=\footnotesize]{docker}{examples/fortune/Dockerfile} +\begin{frame}[fragile]{Dockerfiles} + \inputminted{docker}{examples/fortune/Dockerfile} \end{frame} -\begin{frame}[fragile] - \frametitle{Bouwen} - \begin{minted}[fontsize=\scriptsize,tabsize=0]{console} +\begin{frame}[fragile]{Bouwen} + \begin{minted}{console} $ docker build -t fortune . Sending build context to Docker daemon 2.048 kB Step 1 : FROM debian:jessie @@ -121,9 +116,7 @@ Step 2 : MAINTAINER Camil Staps <info@camilstaps.nl> ---> 4311919afa35 Step 3 : RUN apt-get update -qq && apt-get install -qq -y fortune ---> Running in 646d62983d27 -debconf: delaying package configuration, since apt-utils is not installed -Selecting previously unselected package librecode0:amd64. - # ... +... Processing triggers for libc-bin (2.19-18+deb8u4) ... ---> 7243ea8162ab Removing intermediate container 646d62983d27 @@ -135,9 +128,8 @@ Successfully built 2d29f9fe8488 \end{minted} \end{frame} -\begin{frame}[fragile] - \frametitle{Runnen} - \begin{minted}[fontsize=\scriptsize,tabsize=0]{console} +\begin{frame}[fragile]{Draaien} + \begin{minted}{console} $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE fortune latest 2d29f9fe8488 5 minutes ago 137.3 MB @@ -146,32 +138,214 @@ fortune latest 2d29f9fe8488 5 minutes ago 137.3 MB debian jessie 1b088884749b 3 months ago 125.1 MB \end{minted} \pause - \begin{minted}[fontsize=\scriptsize,tabsize=0]{console} + \begin{minted}{console} $ docker run --name fortune_container fortune Q: Why was Stonehenge abandoned? A: It wasn't IBM compatible. \end{minted} \pause - \begin{minted}[fontsize=\scriptsize,tabsize=0]{console} -$ docker start -i fortune_container -Tonight's the night: Sleep in a eucalyptus tree. - \end{minted} - \pause - \begin{minted}[fontsize=\scriptsize,tabsize=0]{console} + \begin{minted}{console} $ docker ps --all CONTAINER ID IMAGE CREATED STATUS NAMES 4f496eb1518c fortune 4 minutes ago Exited (0) fortune_container \end{minted} + \pause + \begin{minted}{console} +$ docker start -a fortune_container +Tonight's the night: Sleep in a eucalyptus tree. + \end{minted} +\end{frame} + +\begin{frame}[fragile]{Daemons}{Dockerfile} + \begin{minted}{docker} +# Base: Node.js +FROM node:argon + +RUN mkdir -p /usr/src/cloogle-stats +WORKDIR /usr/src/cloogle-stats + +# Dependencies +COPY package.json /usr/src/cloogle-stats +RUN npm install + +# Own source +COPY server.js /usr/src/cloogle-stats +COPY entrypoint.sh /usr/src/cloogle-stats + +EXPOSE 31216 + +ENTRYPOINT ["./entrypoint.sh"] + \end{minted} +\end{frame} + +\begin{frame}[fragile]{Daemons}{entrypoint.sh} + \begin{minted}{bash} + #!/bin/bash + if [[ -f "/srv/ssl/cert.pem" ]] && [[ -f "/srv/ssl/key.pem" ]]; then + node server.js \ + /var/log/cloogle.log \ + /srv/ssl/cert.pem /srv/ssl/key.pem + else + node server.js \ + /var/log/cloogle.log + fi + \end{minted} +\end{frame} + +\begin{frame}[fragile]{Daemons}{Gebruik} + \begin{minted}{console} + $ docker build -t stats . + ... + \end{minted} + \pause + \begin{minted}{console} + $ docker run \ + -d \ + -v /local/path/to/cloogle.log:/var/log/cloogle.log \ + --net=host \ + --name stats-1 \ + stats + a0546b4e0b95e509b412a044a3b1d719a5638d6aad40e11246dac14c6a503e01 + \end{minted} + \pause + \begin{minted}{console} + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES + 29a21ce90a8c stats "./entrypoint.sh" 5 hours ago Up 5 hours stats-1 + \end{minted} + + \vfill + {\scriptsize\color{gray} + (Dit voorbeeld kwam uit Cloogle, + \href{https://github.com/dopefishh/cloogle}{https://github.com/dopefishh/cloogle}.)} +\end{frame} + +\section{Toepassingen} +\begin{frame}[fragile]{Compileren in verschillende omgevingen} + \begin{minted}{console} + $ docker run --rm -v "$PWD":/usr/src/app -w /usr/src/app gcc:4.9 make + cc -c -o fuspel.o fuspel.c -Werror -Wall -Wextra -O3 -g + cc -c -o lex.o lex.c -Werror -Wall -Wextra -O3 -g + ... + cc -o fuspel fuspel.o ... -Werror -Wall -Wextra -O3 -g + \end{minted} + \pause + \begin{minted}[breaklines]{console} + $ docker run --rm -v "$PWD":/usr/src/app -w /usr/src/app gcc:5.4 make + cc -c -o fuspel.o fuspel.c -Werror -Wall -Wextra -O3 -g + ... + cc -c -o print.o print.c -Werror -Wall -Wextra -O3 -g + print.c: In function 'print_token': + print.c:12:11: error: initialization makes integer from pointer without a cast [-Werror=int-conversion] + char c = NULL; + \end{minted} +\end{frame} +\begin{frame}{Compileren in verschillende omgevingen} + \begin{center} + \includegraphics[width=.5\linewidth]{compiling} + + {\scriptsize\href{https://www.xkcd.com/303/}{https://www.xkcd.com/303/}} + \end{center} +\end{frame} + +\begin{frame}{Continuous Integration}{Idee} + \begin{itemize} + \item + Code onder versiebeheer + \item + Draai \mintinline{bash}{make test} op iedere commit + \item + Doe dat op allerlei verschillende omgevingen + \end{itemize} +\end{frame} +\begin{frame}[fragile]{Continuous Integration}{Configuratie - GitLab (\href{https://gitlab.com}{https://gitlab.com})} + \begin{minted}{yaml} +test: + image: "camilstaps/clean:2.4-itasks" + before_script: + - apt-get update -qq && apt-get install -qq build-essential + script: + - make test + \end{minted} \end{frame} \section{Beveiliging} -\begin{frame} - \frametitle{Beveiliging} +\begin{frame}{Beveiliging} + \begin{itemize} + \item + Voorbeeld: \mintinline{bash}{--net=host} + + \begin{itemize} + \item + Geeft de guest toegang tot de network stack van de host + \item + Beter: \emph{expose} poorten + \item + Routing regels met iptables + \end{itemize} + + \item + Te veel voor nu, zie \href{https://docs.docker.com/engine/security/security/}{https://docs.docker.com/engine/security/security/} + \end{itemize} +\end{frame} + +\section{En verder\dots} +\begin{frame}{Docker Hub} + \begin{itemize} + \item + Heel veel applicaties zijn al \emph{dockerized} + \item + Dockerfiles worden gedeeld op de Docker Hub + \item + \href{https://hub.docker.com/explore}{https://hub.docker.com/explore} + \end{itemize} +\end{frame} + +\begin{frame}{Swarm} + \begin{itemize} + \item + Maak een netwerk van Docker hosts + \item + Verdeel workload over al die hosts + \item + Hele netwerk toegankelijk als \'e\'en Docker host + \item + \href{https://www.docker.com/products/docker-swarm}{https://www.docker.com/products/docker-swarm} + \end{itemize} + \begin{center} + \includegraphics[width=.3\linewidth]{swarm} + \end{center} \end{frame} -\section{Continuous Integration} -\begin{frame} - \frametitle{Continuous Integration} +\begin{frame}{Docker Compose} + \begin{itemize} + \item + Docker filosofie: \'e\'en proces per container + \item + Probleem: webserver met database? + \pause + \item + Beschrijf hoe containers van elkaar afhankelijk zijn + \item + \href{https://docs.docker.com/compose/}{https://docs.docker.com/compose/} + \end{itemize} +\end{frame} + +\section*{Einde} +\begin{frame}{Einde} + \begin{itemize} + \item Deze presentatie en voorbeelden: + \begin{itemize} + \item \href{https://git.camilstaps.nl/LUGN-Docker.git}{https://git.camilstaps.nl/LUGN-Docker.git} + \item \href{https://files.camilstaps.nl/LUGN-Docker/docker.pdf}{https://files.camilstaps.nl/LUGN-Docker/docker.pdf} + \end{itemize} + + \item Meer informatie: + \begin{itemize} + \item \href{https://docker.io}{https://docker.io} + \item \href{https://stackoverflow.com/questions/tagged/docker}{https://stackoverflow.com/questions/tagged/docker} + \end{itemize} + \end{itemize} \end{frame} \end{document} |