We live in a multi-platform world, and who doesn't want their project to run on all of them? The last few DockerCon events have covered the introduction of multi-platform image capabilities into the Docker registry and engine releases. Now it's time to put these features to good use building applications across architectures and running them all in a heterogeneous Docker Swarm! In this talk we'll cover the new `docker manifest` command for making multi-architecture images; how to emulate architectures in docker containers on your own machine; and give a live demonstration of these capabilities with a Docker Swarm consisting of workers of different CPU architectures, including armhf, ppc64le, s390x, and x86_64. We'll also share some pointers for making sure your project is multi-platform ready! Three Takeaways: 1. Attendees will be introduced to manifest lists and how to create multi-arch images using the new 'docker manifest' command. 2. Attendees will learn how to easily create and deploy a basic multi-arch service using multi-platform images. 3. Bonus: Attendees will learn how to run non-native docker containers on their systems.

1. FROM ARM to Z: building, shipping, and
running a multi-platform Docker swarm
Chris Jones
Open Source Developer, IBM
Christy Perez
Open Source Developer, IBM

2. • What is "multi-arch?"
• Why is this needed?
• How to ...
• Examples
• docker manifest
Agenda
• Demo – Building images
• Demo – Shipping images
• Demo – Running Swarm
• Q&A

3. What are we talking about?

4. • GOAL: User
experience across
architectures is the
same
What

7. Why should I care?

8. $ docker run –it ubuntu
standard_init_linux.go:178: exec user process caused
“no such file or directory”
$ uname –m
s390x
$ docker run –it s390x/ubuntu
root@eb7051894530:/#
Why

9. $ docker run –it rethinkdb
standard_init_linux.go:178: exec user process caused
“no such file or directory”
$ uname –m
aarch64
$ docker run –it aarch64/rethinkdb
docker: Error response from daemon: repository
aarch64/rethinkdb not found: does not exist or no
pull access.
Why

11. • The user had to remember he was on a different
architecture
• Arch-dependent image names harm usability
• Siloed projects cause heartbreaks
What went wrong?

12. • Grow your project
• Strengths of other platforms
Benefits

13. How to multi-arch?

14. • actual hardware
• hardware assisted virtualization (KVM)
• full-system emulation (QEMU)
• user-mode emulation (binfmt_misc)
• cross-compiling
How
Building and running binaries

15. binfmt_misc

16. • Allows you to run ELF binaries that weren’t
compiled on your host architecture
• Maps non-native binaries to arch-specific
interpreters (e.g. QEMU)
• Pre-Configured in Docker for Mac!
binfmt_misc

18. # create magic number (ELF header bit) mappings
$ docker run –rm –privileged multiarch/qemu-user-
static:register
# verify our magic numbers were added, aka our
# Rolodex has been created.
$ ls /proc/sys/fs/binfmt_misc/
aarch64 arm ppc64le s390x …
binfmt_misc – ppc64le e.g.

19. # download interpreter
$ curl -fsSL https://github.com/multiarch/qemu-user-
static/releases/download/v2.8.1/x86_64_qemu-ppc64le-
static.tar.gz -o ~/x86_64_qemu-ppc64le-static.tar.gz
# unzip to /usr/bin/qemu-ppc64le-static
$ tar -xvzf ~/x86_64_qemu-ppc64le-static.tar.gz -C
/usr/bin/qemu-ppc64le-static
binfmt_misc – ppc64le e.g.

20. # docker run ppc64le image and mount bin
$ docker run -it --rm -v /usr/bin/qemu-ppc64le-
static:/usr/bin/qemu-ppc64le-static /
ppc64le/busybox:latest uname –m
uname -m
ppc64le
binfmt_misc – ppc64le e.g.

21. # docker run ppc64le image
$ docker run -it --rm ppc64le/busybox:latest uname -m
uname -m
ppc64le
Docker for Mac

22. Cross-compiling in go

23. $ GOOS=linux GOARCH=arm go build
complex cross-compiling in go

24. Advice (Wisdom?)

25. ├── Dockerfile
├── Dockerfile.aarch64
├── Dockerfile.armhf
├── Dockerfile.ppc64le
├── Dockerfile.s390x
├── Dockerfile.simple
├── Dockerfile.solaris
├── Dockerfile.windows
Makefiles, Dockerfiles & build scripts
• Multiple Dockerfiles (e.g.
Dockerfile.armf)
• Don't hard-code in arch in
packages, etc.

26. • If you must...
• ifdefs & build constraints
Optimizations
zfs.go:// +build linux freebsd solaris
zfs_unsupported.go:// +build !linux,!freebsd,!solaris

27. Where does docker fit?

28. • Multi-arch support in registry (Jan 2016)
• Skopeo Project
(https://github.com/projectatomic/skopeo)
• Phil Estes' tool
(https://github.com/estesp/manifest-tool)
• PR to add "docker manifest" (PR #27455)
History

29. What's a manifest?
• Image metadata
- Layers
- References
- OS
- Arch
- etc.

30. What's a manifest list?
• A multi-arch "image"
• Contains image manifests
• Engine decides which to pull
• Not tied to image name
• Extra image detail
myrepo/mylist
amd64 image amrhf image
ppc64le image

31. docker manifest

32. • "Shallow pull" of image: manifest only
• Pushing multi-architecture image names to
registry
`docker manifest` command

33. # create interactively using cli
$ docker manifest create tophj/busybox busybox /
aarch64/busybox armhf/busybox ppc64le/busybox /
s390x/busybox
$ docker manifest annotate tophj/busybox /
armhf/busybox --os linux --arch arm --osFeature f1
$ docker manifest push tophj/busybox
docker manifest

34. # or create using yaml
$ docker manifest push
-f clnperez_hw.yaml
docker manifest - yaml

35. docker manifest inspect tophj/busybox
docker manifest inspect busybox
docker manifest

36. Putting it all together:
docker swarm

37. tophj/demo

38. tophj/demo
• tophj/ppc64le-demo
• tophj/x86_64-demo
• tophj/armhf -demo
• tophj/s390x-demo

39. ├── Dockerfile.armhf
├── Dockerfile.ppc64le
├── Dockerfile.s390x
├── Dockerfile.x86_64
├── img
│ ├── captain_logo.png
│ ├── captain.png
│ ├── christy_logo.png
│ ├── christy.png
│ ├── pink.png
│ └── tophj.png
└── server.go
docker swarm demo

40. # create our tophj/demo manifest list which points to our
# architecture specific images
$ docker manifest create tophj/demo tophj/x86_64-demo
tophj/armhf-demo tophj/ppc64le-demo tophj/s390x-demo
docker swarm demo

41. # annotate to change armhf to arm
$ docker manifest annotate tophj/demo tophj/armhf-demo
--os linux --arch arm
# finally push the manifest list
$ docker manifest push tophj/demo
docker swarm demo

42. $ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER
STATUS
3nisms9qfi27ko0683bylxyud s390 Ready Active
7jwo7d5braat1l6n63j8xfue6 * x86_64 Ready Active Leader
n5tqx2yk77123sjiapqwmu14e armhf Ready Active
u30pwzlt5hthwbbsdok8nxyh8 ppc64le Ready Active
docker swarm demo

43. # start the swarm service using the multi-arch image name
$ docker service create --mode global --name dockercon -p 8082:8080 tophj/demo
# start a simple load-balancer for fun
$ docker run -itd -p 80:81 --name nginx -v /christy/nginx:/etc/nginx nginx
# visit the IP of your load balancer in your browser
# be sure to refresh for multi-arch fun
docker swarm demo

44. docker swarm demo

45. bit.ly/multiarch-docker
Resources

46. • Server image:
https://c1.staticflickr.com/4/3519/3462607995_150a6b2624_b.jpg
• HtcpcpTeapot image:
https://commons.wikimedia.org/wiki/File:Htcpcp_teapot.jpg
• Raspberry Pi is a trademark of the Raspberry Pi Foundation.
• https://github.com/dockersamples/docker-swarm-visualizer
• ARMHF VM from Scaleway
• X86 VM from DigitalOcean
References & Legal

47. Thank You!
Go forth and multi-arch!
@docker #dockercon