Slide deck from the Sydney Docker Meetup 19/08/2015 How to deploy Docker in the enterprise with Puppet.

2. A little bit about me ….
Scott Coulton
• 10 + years hosting solutions experience
• Extensive experience in architecture across AWS, Puppet, Linux,
Docker and all things open source
https://github.com/scotty-c
https://registry.hub.doc
ker.com/repos/scottyc/
https://forge.puppetlabs.com/s
cottyc
@scottcoulton

3. Agenda
Looking at how to use Puppet to deploy docker in a
production fault tolerant environment with service
discovery using docker compose, docker swarm
and consul

4. Lets look at the components

5. What is Docker ???
• Docker containers wrap up
a piece of software in a
complete filesystem that
contains everything it needs
to run: code, runtime,
system tools, system
libraries – anything you can
install on a server. This
guarantees that it will
always run the same,
regardless of the
environment it is running in.

6. What is Docker Swarm ???
•Docker Swarm is native clustering for Docker.
It turns a pool of Docker hosts into a single,
virtual host.
•Swarm serves the standard Docker API, so
any tool which already communicates with a
Docker daemon can use Swarm to
transparently scale to multiple hosts: Dokku,
Compose, Krane, Flynn, Deis, DockerUI,
Shipyard, Drone, Jenkins... and, of course,
the Docker client itself.

7. What is Docker Compose???
•Compose is a tool for
defining and running multi-
container applications with
Docker. With Compose, you
define a multi-container
application in a single file,
then spin your application
up in a single command
which does everything that
needs to be done to get it
running.

8. What is Weave ???
•Weave Net connects all
your containers into a
transparent, dynamic and
resilient mesh. This is one
of the easiest ways to set
up clustered applications
that run anywhere..

9. What is Consul ???
•Consul makes it simple for
services to register
themselves and to discover
other services via a DNS or
HTTP interface. Register
external services such as
SaaS providers as well.
•Flexible key/value store for
dynamic configuration,
feature flagging,
coordination, leader
election and more. Long
poll for near-instant
notification of configuration
changes.

10. What is Puppet ??
• Puppet is a configuration
management solution that
allows you to define the
state of your IT
infrastructure, and then
automatically enforces the
desired state. Puppet
automates every step of the
software delivery process,
from provisioning of
physical and virtual
machines to orchestration
and reporting; from early-
stage code development
through testing, production
release and updates.

11. Lets look at a real world example of Docker in action …

12. So what do we have …
• Jenkins Master (Single ec2 in an
autoscaling group of 1)
• Slaves servers are in an auto scaling
group

13. Whats wrong with this design !!!
• Auto scaling is to slow
• Fined tune metrics of auto
scaling does not support
the needs of the app
• We can only be as quick as
AWS EC2 provisioning

15. Enter Docker …

17. Now lets add Docker Swarm …

19. Lets make it repeatable …

20. Internal Docker Registry !!!

21. EC2

23. • Docker
• Docker swarm
• Docker compose
• Weave

24. • Docker and Docker compose
https://github.com/scotty-c/garethr-docker
• Docker swarm
https://forge.puppetlabs.com/scottyc/docker_swarm
• Weave
https://forge.puppetlabs.com/tayzlor/weave

25. Lets look at some code !!!
• Docker

26. • Docker compose Part 1

27. • Docker compose Part 2

28. • Docker swarm

29. What about security ???

30. The truth …..
• We can not only apply
normal infrastructure
controls, we can now add
application controls to our
infrastructure
• We have hardening guides
https://benchmarks.cisecurit
y.org/downloads/show-
single/?file=docker16.100

32. We are going to build
4 nodes ( 3 in a swarm cluster and 1 manager)
Running the following
• Docker
• Docker Swarm
• Weave
• Consul
• Docker Compose
All built with Puppet !!!!

35. https://github.com/scotty-c/puppet-meetup
Code from tonight