Docker to the rescue
of an Ops Team
Rachid Zarouali
C.I.O Synolia
Twitter / Slack : Xinity
rachid.zarouali@synolia.com
Agenda
This talk is about:
● Monitoring (a bit)
● Private Registry
● CI/CD
● Security
● Docker experience
Once upon a time
An ops team starts a new project
Rebuild everything !
June 2014
A monitoring system from scratch
“Microservices” oriented
Replaceable parts
Some rules first !
Simple
Efficient
Extendable
Python based
Components
Collectd
Collectd proxy
Graphite
Grafana
Cabot (alerting)
Test your might !
Python 2.6 along with python 2.7
Different versions of “some” libraries
Whisper backend (I/O storm)
Upstream repositories issues
Docker to the rescue
Save our project
Docker ? way too soon !
Barely any skills
Used only to do some testing
Pretty serious concerns
Ok let’s gamble !
Grow our docker fu
Write some Dockerfiles
Build images locally
Spawn PoC platform
…..
RUN echo "deb http://mirror.debian.ikoula.com/debian wheezy-backports main" >> /etc/apt/sources.list
RUN apt-get -qq update
RUN apt-get -qqy dist-upgrade
RUN apt-get -qqy --force-yes install vim python-cairo gunicorn supervisor (...)
RUN pip install whitenoise txamqp whisper==0.9.13 carbonate
RUN pip install --install-option="--prefix=/var/lib/graphite" --install-option="--install-lib=/var/lib/graphite/lib" carbon==0.9.13
RUN pip install --install-option="--prefix=/var/lib/graphite" --install-option="--install-lib=/var/lib/graphite/webapp" graphite-web==0.9.13
ADD conf/nginx.conf /etc/nginx/nginx.conf
ADD conf/supervisord.conf /etc/supervisor/conf.d/grafana.conf
ADD initial_data.json /var/lib/graphite/webapp/graphite/initial_data.json
ADD conf/local_settings.py /var/lib/graphite/webapp/graphite/local_settings.py
ADD conf/carbon.conf /var/lib/graphite/conf/carbon.conf
ADD conf/storage-schemas.conf /var/lib/graphite/conf/storage-schemas.conf
RUN mkdir -p /var/lib/graphite/storage/whisper
RUN touch /var/lib/graphite/storage/graphite.db /var/lib/graphite/storage/index
RUN chmod 0775 /var/lib/graphite/storage /var/lib/graphite/storage/whisper
RUN python /var/lib/graphite/webapp/graphite/manage.py syncdb --noinput --pythonpath=/var/lib/graphite/webapp/graphite --settings=settings
RUN chmod 0664 /var/lib/graphite/storage/graphite.db
RUN chown -R www-data /var/lib/graphite/storage
…..
WHAT ???
Container = OS …. Wait !
Too many layers (121+ layer issue)
Build time … (20 to 30 minutes at best)
Huge images (800+ MB)
Unnecessary tools and libs
Bye Bye !!!!
We can do better !
Apply best Practices (@abbyfuller)
Implement simple CI/CD
Dockerfile Linting
Build a private registry
Deal with security concerns
…
RUN echo "APT::Install-Recommends false;" >> /etc/apt/apt.conf.d/00recommends \
 && echo "APT::Install-Suggests false;" >> /etc/apt/apt.conf.d/00recommends \
 && echo "APT::AutoRemove::RecommendsImportant false;" >> /etc/apt/apt.conf.d/00recommends \
 && echo "APT::AutoRemove::SuggestsImportant false;" >> /etc/apt/apt.conf.d/00recommends
ENV DEBIAN_FRONTEND noninteractive
ENV GRAPHITE_VERS 0.9.13
RUN apt-get -qqy update \
 && apt-get -qqy install python-cairo gunicorn git python2.7-dev wget ca-certificates python-flup expect sqlite3 libcairo2 \
    libcairo2-dev pkg-config nodejs sqlite3 memcached python-ldap make gcc libffi-dev
RUN wget https://bootstrap.pypa.io/get-pip.py \
 && python get-pip.py \
 && pip install --no-cache-dir --upgrade setuptools \
 && pip install --no-cache-dir django django-admin-tools \
 && pip install --no-cache-dir whitenoise txamqp whisper==${GRAPHITE_VERS} carbonate \
 && pip install --no-cache-dir --install-option="--prefix=/var/lib/graphite" --install-option="--install-lib=/var/lib/graphite/lib" carbon==${GRAPHITE_VERS} \
 && pip install --no-cache-dir --install-option="--prefix=/var/lib/graphite" --install-option="--install-lib=/var/lib/graphite/webapp" graphite-web==${GRAPHITE_VERS}
RUN apt-get purge gcc make python2.7-dev libcairo2-dev libffi-dev python2.7-dev pkg-config -qqy \
 && apt-get clean \
 && apt-get autoremove -qqy \
 && rm -rf /root/.cache /var/lib/apt/lists/* /tmp/* /var/tmp/*
...
Best practices :)
Few image layers (< 20)
Small image (~400 MB)
Lower footprint (100 MB)
Faster build time (~5 min)
We did it, we did it, yeah!
CI/CD Diagram
CI/CD Recipe
build:
  image: registry.synolia.com/synolia/dockerunitest:latest
publish:
  docker:
    repo: synomon_datastor
    tag: $${BRANCH/master/latest}
    file: Dockerfile
    insecure: true
    when:
      repo: synolia/systeam-monitoring_datastor
      branch: [develop, master]
notify:
  hipchat:
    from: "synoci"
    room_id_or_name: "$$ROOM_ID"
    auth_token: "$$AUTH_TOKEN"
    notify: true
    when:
      success: false
      failure: true
Dockerfile Linting
Build
Push
Notify (fail only)
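Added example (not from the talk or from Synolia's pipeline): a minimal Dockerfile lint gate of the kind the "Dockerfile Linting" step could run, with rules drawn from the slides: the "< 20 layers" target, the --force-yes flag and plain-http apt mirror in the first Dockerfile, the unverified get-pip.py download in the second, and the "Don't use env variables (security)" lesson. The rule names, the lint() function and the METRICS_DB_PASSWORD line are assumptions made for illustration; the sample inputs are shortened from the slides.

```python
import re

# Constructed samples, shortened from the two Dockerfiles in the slides.
# The ENV password line is not in the slides; it illustrates the
# "Don't use env variables (security)" lesson.
BEFORE = """\
RUN echo "deb http://mirror.debian.ikoula.com/debian wheezy-backports main" >> /etc/apt/sources.list
RUN apt-get -qq update
RUN apt-get -qqy dist-upgrade
RUN apt-get -qqy --force-yes install vim python-cairo gunicorn supervisor
RUN pip install whitenoise txamqp whisper==0.9.13 carbonate
ADD conf/nginx.conf /etc/nginx/nginx.conf
ENV METRICS_DB_PASSWORD changeme
"""

AFTER = r"""
ENV DEBIAN_FRONTEND noninteractive
ENV GRAPHITE_VERS 0.9.13
RUN apt-get -qqy update \
 && apt-get -qqy install python-cairo gunicorn wget ca-certificates
RUN wget https://bootstrap.pypa.io/get-pip.py \
 && python get-pip.py \
 && pip install --no-cache-dir whisper==${GRAPHITE_VERS}
""".lstrip()

MAX_LAYERS = 20  # the talk's target: "Few image layers (< 20)"
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)   # heuristic on variable names
HTTP_MIRROR = re.compile(r"\bdeb(?:-src)?\s+http://")       # apt source without TLS
DOWNLOAD = re.compile(r"\b(?:wget|curl)\b[^&|;]*https?://") # fetch inside a RUN
VERIFY = re.compile(r"\b(?:sha(?:256|512)sum|gpg)\b")       # any integrity check


def instructions(text):
    """Yield (first_line_no, KEYWORD, args), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        keyword, _, args = buf.partition(" ")
        yield start, keyword.upper(), args.strip()
        buf = ""
    if buf:  # file ended in the middle of a continuation
        keyword, _, args = buf.partition(" ")
        yield start, keyword.upper(), args.strip()


def env_names(args):
    """Variable names from 'ENV NAME value' or 'ENV A=b C=d' (no quoted spaces)."""
    tokens = args.split()
    if not tokens:
        return []
    if "=" in tokens[0]:
        return [t.split("=", 1)[0] for t in tokens if "=" in t]
    return [tokens[0]]


def lint(text, max_layers=MAX_LAYERS):
    """Return a list of (line_no, rule) findings; line 0 means file-level."""
    findings, layers = [], 0
    for n, kw, args in instructions(text):
        if kw in ("RUN", "ADD", "COPY"):
            layers += 1  # instructions that write a filesystem layer
        if kw == "RUN":
            if HTTP_MIRROR.search(args):
                findings.append((n, "apt-http-mirror"))
            if "--force-yes" in args:
                # --force-yes lets apt continue past unauthenticated packages
                findings.append((n, "apt-force-yes"))
            if DOWNLOAD.search(args) and not VERIFY.search(args):
                # script or archive fetched at build time with no hash check
                findings.append((n, "unverified-download"))
        elif kw == "ENV":
            # ENV values are stored in the image config and show up in
            # `docker inspect` and `docker history`
            if any(SECRET_NAME.search(name) for name in env_names(args)):
                findings.append((n, "env-secret"))
    if layers >= max_layers:
        findings.append((0, "too-many-layers"))
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        for line_no, rule in lint(sample):
            print(f"{label}:{line_no}: {rule}")
```

In a CI step the gate would exit non-zero when lint() returns any finding, so the build and push steps never run on a Dockerfile that fails it.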
Docker to the rescue II
The return of the hero moby
This isn’t over yet !
Docker UDP issues
Tricky iptables filtering
Unstable data volume
Configuration management
Round 2: FIGHT !
Metric proxy (Collectd) on the host!!
Simplify iptables rules
Mount directories (metrics)
A new path opens
To a brighter future
Epic loots !
No more dependency issues
Replaceable and movable parts
Greater security level
Clustering ready (Swarm/K8S)
Lessons learned
Caution when using UDP IPv4
Config files out of the container
Don’t use env variables (security)
Use (abuse) automation
What’s next ?
Greater Docker challenges
Much room to grow
Reduce (even more) Image size
Sign Images (notary to the rescue)
Vulnerability scanning
Implement rolling upgrades
New docker based projects
Migrate Development platform (2015)
Swarm clustering (*)
Full scale Docker (*)
(*) Work In Progress
Thank You DockerCon !
PS: don’t forget to rate my talk :)
