This document provides an overview of extending Docker using plugins, specifically an image whitelist plugin. It discusses Docker's plugin architecture, provides examples of volume and network plugins, and goes through setting up and implementing an image whitelist plugin. Key points include:
- Docker plugins allow extending Docker's capabilities by running external processes that communicate with the Docker daemon.
- Examples of plugin types are volumes, networks, and authorization. A volume plugin enables integration with external storage; a network plugin supports different networking technologies.
- The document demonstrates setting up an image whitelist Docker plugin that checks images against a whitelist before allowing them to run.
- Implementing the plugin involves creating a client to communicate with Docker's API, parsing a cron
Containerization is more than the new Virtualization: enabling separation of ... | Jérôme Petazzoni
Docker offers a new, lightweight approach to application
portability. Applications are shipped using a common container format,
and managed with a high-level API. Their processes run within isolated
namespaces which abstract the operating environment, independently of
the distribution, versions, network setup, and other details of this
environment.
This "containerization" has often been nicknamed "the new
virtualization". But containers are more than lightweight virtual
machines. Beyond their smaller footprint, shorter boot times, and
higher consolidation factors, they also bring a lot of new features
and use cases which were not possible with classical virtual machines.
We will focus on one of those features: separation of operational
concerns. Specifically, we will demonstrate how some fundamental tasks
like logging, remote access, backups, and troubleshooting can be
entirely decoupled from the deployment of applications and
services. This decoupling results in independent, smaller, simpler
moving parts; just like microservice architectures break down large
monolithic apps in more manageable components.
Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker | Sematext Group, Inc.
Sematext engineer Rafal Kuc (@kucrafal) walks through the details of running high-performance, fault tolerant Elasticsearch clusters on Docker. Topics include: Containers vs. Virtual Machines, running the official Elasticsearch container, container constraints, good network practices, dealing with storage, data-only Docker volumes, scaling, time-based data, multiple tiers and tenants, indexing with and without routing, querying with and without routing, routing vs. no routing, and monitoring. Talk was delivered at DevOps Days Warsaw 2015.
Cgroups, namespaces and beyond: what are containers made from? | Docker, Inc.
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
Docker and Containers for Development and Deployment — SCALE12X | Jérôme Petazzoni
Docker is an Open Source engine to build, run, and manage containers. We'll explain what are Linux Containers, what powers them (under the hood), and what extra value Docker brings to the table. Then we'll see what the typical Docker workflow looks like from a developer point of view. We'll also give an Ops perspective, including deployment options. If you already saw a "Docker 101", consider this presentation as the February 2014 update! :-)
Describes what lightweight virtualization and containers are, and the low-level mechanisms in the Linux kernel that they rely on: namespaces and cgroups. It also gives details on AUFS. Those components together are the key to understanding how modern systems like Docker (http://www.docker.io/) work.
Container Torture: Run any binary, in any container | Docker, Inc.
Running a container app in the container is easy, attaching a custom app to a running container is a bit trickier. But, what if I wanted to run any arbitrary binary in any arbitrary running container? Common wisdom says it's impossible. Is it ? This talk dives into containers internals, just above the kernel surface and demonstrates that this is, indeed possible. With a bit of C magic and ptrace.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition | Jérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Docker - container and lightweight virtualization | Sim Janghoon
Docker is an open platform for building, shipping and running distributed applications. It uses containers, which are lightweight and portable execution environments, to isolate applications and their dependencies from one another. Containers are created from Docker images, which are templates that contain binaries, libraries and configuration files needed to run an application. Namespaces and control groups allow containers to share resources on the host machine while maintaining isolation.
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu... | Jérôme Petazzoni
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
This talk was delivered at DockerCon Europe 2015 in Barcelona.
This document summarizes tools and techniques for open source network testing, including testing routers and Wi-Fi networks with multiple concurrent clients to evaluate performance under real-world conditions. It describes using tools like net-hydra, netburn, and whenits to automate testing across multiple client devices and collect throughput and latency statistics. The document advocates an approach of testing networks with multiple concurrent activities like downloading, browsing, VoIP calls, and streaming to evaluate how equipment handles collision domains under more challenging real-world loads.
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Running Cassandra in a docker environment to give you a flexible development environment that uses only a very small set of resources, both locally and with your favorite cloud provider. Lessons learned running Cassandra with a very small set of resources are applicable to both your local development environment and larger, less constrained production deployments.
From http://www.meetup.com/Docker-Santa-Clara/events/232789407/
Docker Tips And Tricks at the Docker Beijing Meetup | Jérôme Petazzoni
This talk was presented in October at the Docker Beijing Meetup, in the VMware offices.
It presents some of the latest features of Docker, discusses orchestration possibilities with Docker, then gives a briefing about the performance of containers; and finally shows how to use volumes to decouple components in your applications.
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon | Jérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
LXC, Docker, security: is it safe to run applications in Linux Containers? | Jérôme Petazzoni
The document discusses the security of running applications in Linux containers. It begins by acknowledging that containers were not originally designed with security in mind. However, it then outlines several techniques that can be used to improve security, such as running containers without root privileges, dropping capabilities, enabling security modules like SELinux, and limiting access to devices and system calls. For the most security-sensitive tasks, it recommends running containers inside virtual machines to isolate them further. In the end, it argues that with the right precautions, containers can be used securely for many applications.
Scaling and Managing Cassandra with docker, CoreOS and Presto | Vali-Marius Malinoiu
This document discusses technologies for building scalable distributed applications including Docker for containerization, CoreOS for clustering, and Presto for querying. Docker allows building and sharing portable applications without dependencies. CoreOS uses Etcd for reliable storage, Fleet for service deployment and management, and Flannel for networking containers across machines. Presto is presented as a distributed SQL query engine that can combine data from multiple sources like Hadoop and Cassandra at scale.
CoreOS, or How I Learned to Stop Worrying and Love Systemd | Richard Lister
Ric Lister presents patterns for running Docker in production on CoreOS, including a simple homogeneous operations cluster where sidekick units announce services in etcd and a reverse proxy discovers them, an etcd and workers pattern for low-traffic sites behind a load balancer, and an immutable servers pattern without etcd for high-traffic microservices with strict change control. He also discusses logging to ship container output off hosts, various monitoring options, alternative operating systems like RancherOS and Atomic, and scheduler options like Kubernetes, Mesos, and Deis.
Bare Metal to OpenStack with Razor and Chef | Matt Ray
Razor is an open source provisioning tool that was originally developed by EMC and Puppet Labs. It can discover hardware, select images to deploy, and provision nodes using model-based provisioning. The demo showed setting up a Razor appliance, adding images, models, policies, and brokers. It then deployed an OpenStack all-in-one environment to a new VM using Razor and Chef. The OpenStack cookbook walkthrough explained the roles, environments, and cookbooks used to deploy and configure OpenStack components using Chef.
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of... | Jérôme Petazzoni
If you're not familiar yet with Docker, here is your chance to catch up. This presentation includes a quick overview of the Open Source Docker Engine, and its associated services delivered through the Docker Hub. Recent features are listed, as well as a glimpse at what's next in the Docker world.
This presentation was given during OSCON, at a meet-up hosted by New Relic, with co-presentations from CoreOS and Rackspace OnMetal.
Docker networking uses Linux bridges which only connect containers on the same host. Containers cannot communicate across hosts. NAT and iptables are used to expose container ports to external networks. Docker's process model runs containers as child processes of the Docker daemon, so if the daemon fails all containers will fail. Alternative container runtimes like Rocket have a more robust process model.
Docker from A to Z, including Swarm and OCCS | Frank Munz
This document provides an overview of Docker from A to Z including using Docker with Oracle Container Cloud Service. It discusses basics of Docker including how it provides isolation using Linux namespaces and cgroups. It compares Docker containers to virtual machines and covers Docker images, containers, limitations, networking, security concerns and suggestions. It also discusses using Docker with Oracle technologies including Dockerfiles on GitHub, the Oracle Container Registry, and Oracle Container Cloud Service.
KVM and docker LXC Benchmarking with OpenStack | Boden Russell
Passive benchmarking with docker LXC and KVM using OpenStack hosted in SoftLayer. These results provide initial insight as to why LXC as a technology choice offers benefits over traditional VMs and seek to provide answers as to the typical initial LXC question -- "why would I consider Linux Containers over VMs" from a performance perspective.
Results here provide insight as to:
- Cloudy ops times (start, stop, reboot) using OpenStack.
- Guest micro benchmark performance (I/O, network, memory, CPU).
- Guest micro benchmark performance of MySQL; OLTP read, read / write complex and indexed insertion.
- Compute node resource consumption; VM / Container density factors.
- Lessons learned during benchmarking.
The tests here were performed using OpenStack Rally to drive the OpenStack cloudy tests and various other linux tools to test the guest performance on a "micro level". The nova docker virt driver was used in the Cloud scenario to realize VMs as docker LXC containers and compared to the nova virt driver for libvirt KVM.
Please read the disclaimers in the presentation as this is only intended to be the "chip of the ice burg".
Docker containers are another piece of the new Connections architecture that makes it a highly extensible and flexible collaboration platform. Flashing back to IBM Connect 17 in San Francisco, I knew Docker was going to be a topic of high interest as the Docker session was standing room only. Predicated on this I decided to conduct an introduction to Docker session at Social Connections 11.
Puppet is automation software that helps system administrators manage infrastructure by automating provisioning, configuration, and other repetitive tasks. It ensures consistency and stability. Puppet consists of a Puppet Master and Puppet Agents. Vagrant provides a way to easily create and configure virtual development environments using configuration files and automation (e.g. Puppet). It uses Oracle VirtualBox and allows specifying and provisioning resources. Benefits include consistent environments for development, testing, and teams.
It's a presentation for TechNet 2015 in Korea.
I changed the format to pptx.
The table of contents is as follows.
OpenStack infrastructure setup (4-node configuration) [30 min]
Creating VMs on OpenStack [20 min]
Docker setup basics [30 min]
Connecting Docker to OpenStack [30 min]
Building a web service with Docker [15 min]
Building a web service with Docker on OpenStack [15 min]
Implementing Jenkins with Docker [30 min]
Performance characteristics of traditional VMs vs docker containers (dockerc... | Boden Russell
Docker containers provide significantly lower resource usage and higher density than traditional virtual machines when running multiple workloads concurrently on a server.
When booting 15 Ubuntu VMs with MySQL sequentially, Docker containers boot on average 3.5 seconds compared to 5.8 seconds for KVMs. During steady state operation of 15 active VMs, Docker uses on average 0.2% CPU and 49MB RAM per container, while KVMs use 1.9% CPU and 292MB RAM each. Docker maintains low 1-minute load averages of 0.15, while KVMs average 35.9% under load.
geOrchestra is the free, modular and secure Spatial Data Infrastructure software born in 2009 to meet the requirements of the INSPIRE directive in Europe. It is built on top of the latest stable versions of GeoServer and GeoNetwork. In this talk we will briefly present the geOrchestra SDI, before going through the major contributions during the previous year, to answer the following questions:
* how the project moved from tainted to generic artifacts (war files, debian packages, docker images)
* how to deploy a geOrchestra SDI instance in 10 minutes
* how to build your robust, high performance and high availability SDI in the clouds.
Deploying 3 times a day without a downtime @ Rocket Tech Summit in Berlin | Alessandro Nadalin
A look at how we try to make our architecture robust, resilient and fun to work with: Namshi is not github or spotify but... ...imitation is the sincerest form of flattery!
Introduction to Docker - Learning containerization XP conference 2016XP Conference India
Docker containers package applications and their dependencies to run consistently regardless of environment. Containers are more lightweight than virtual machines and use fewer resources. Docker images define the components of containers. The Dockerfile defines how to build images. Docker Compose defines multi-container applications through a YAML file specifying images, networking, volumes etc.
Using docker to develop NAS applicationsTerry Chen
This document introduces using Docker to develop NAS applications. It begins with an overview of Docker and containers, then demonstrates how to build Docker images, run containers, and deploy NAS applications as Docker containers using Container Station. It also addresses some common questions about Docker including how to skip Container Station initialization, debug closed containers, backup container data, access NAS information from containers, and resources for learning Docker.
Hybrid Mobile Development with Apache Cordova and Ryan Cuprak
Apache Cordova is used to wrap HTML5 applications into native mobile applications that can access device capabilities. A demo application was shown that used Cordova for the mobile portion and Java EE 7 on the server side. Key technologies discussed included Cordova plugins, RESTful web services, Java API for JSON, and Java API for WebSockets for bidirectional communication between the mobile app and server. jQuery Mobile was also mentioned as a potential UI framework.
Docker "Global Mentor Week" is your opportunity to #learndocker. to learn how to build, ship, and run modern distributed applications with ease. thanks to the Docker platform.
Right now, Docker has developed out a series of self-paced online labs that will be available during the meetup. Docker’s meetup groups worldwide are hosting a series of complimentary events to help newcomers and intermediate users learn Docker.
We'll have hands-on labs for both beginners and intermediate users, labs targeting both developers and operations. There is something for everyone. Docker mentor will be on hand at this event to help you prepare. and work through the self-paced materials. Bring your laptop, have fun and learn Docker!
Hybrid Mobile Development with Apache Cordova and Java EE 7 (JavaOne 2014)Ryan Cuprak
Java EE 7 provides a strong foundation for developing the back end for your HTML5 mobile applications. This heavily code-driven session shows you how you can effectively utilize Java EE 7 as a back end for your Apache Cordova mobile applications. The session demonstrates Java EE 7 technologies such as JAX-RS 2.0, WebSocket, JSON-P, CDI, and Bean Validation. It provides an overview of the basics of Apache Cordova as well as the tooling support added in NetBeans 8. The session also demonstrates an integrated approach to rapidly developing HTML5 mobile applications with Java EE 7 and NetBeans and concludes with best practices and pitfalls.
Building a private CI/CD pipeline with Java and Docker in the Cloud as presen...Baruch Sadogursky
A private Java (Maven or Gradle) repository as a service can be setup in the cloud. A private Docker registry as a service can be easily setup in the cloud. But what if you want to build a holistic CI/CD pipeline, and on the cloud of YOUR choice?
In this talk Baruch will take you through steps of setting up a universal artifact repository, which can serve for both Java and Docker. You’ll learn how to build a CI/CD pipeline with traceable metadata from the Java source files all the way to Docker images. Amazon, Azure, and Google Cloud (do you have setup that works on these?) will be used as an example although the recipes shown would be applicable to other cloud as well.
This document introduces Docker containers. It begins by explaining that Docker solves the problem of inconsistent environments by packaging applications with all their dependencies into standardized units called containers. It then defines what a Docker image is, as a read-only template with layered filesystem changes that form the basis for containers. Finally, it describes how containers are running instances of images that isolate processes but share resources with the host machine, making them lightweight and portable compared to virtual machines.
Containers brought new approach for implementation of DevOps workflows. So our CEO, Ruslan Synytsky, devoted a speech to this topic during Madrid meetup and described in details how Java developers can get benefits from Docker containers in Jelastic Cloud.
This document discusses Docker and Java. It provides an agenda that includes Docker fundamentals, running Java applications in containers, a Hello World example from a Java container, deploying a SpringBoot app in a container, and multi-container deployments. It also discusses extras like CI/CD on premises vs cloud-based deployment and interacting with Docker from Java applications.
Top 50 java ee 7 best practices [con5669]Ryan Cuprak
JavaOne 2016
This session provides 50 best practices for Java EE 7, with examples. The best practices covered focus primarily on JPA, CDI, JAX-WS, and JAX-RS. In addition, topics involving testing and deployment are covered. This presentation points out where best practices have changed, common misconceptions, and antipatterns that should be avoided. This is a fast-paced presentation with many code samples.
This one day training covers topics related to building mobile apps with the Ionic Framework including JavaScript, AngularJS, PhoneGap/Cordova, plugins, debugging, and more. The agenda includes introductions to JavaScript concepts like hoisting, closures, and object literals as well as frameworks like AngularJS and tools like PhoneGap/Cordova. The training aims to provide attendees with the skills needed to create good looking, well-performing mobile apps for clients.
50 EJB 3 Best Practices in 50 Minutes - JavaOne 2014Ryan Cuprak
This session provides 50 best practices for EJB 3 in 50 minutes with examples. These best practices involve not only EJB 3.2 but also its integration with other Java EE 7 technologies, not only coding best practices but also testing and production practices. The presentation targets Java EE 7 and also points out where best practices have changed, what patterns you should embrace, and antipatterns to avoid. This is a fast-paced presentation with many code samples. Categories covered include configuration, JPA, concurrency, testing, performance tuning, exception handling, CDI integration, JMS queue patterns, pattern changes, and many more.
Microservices Minus the Hype: How to Build and WhyMark Heckler
The presenter examines the ups & downs of adopting a microservices architecture and discusses why, in most cases, the pros outweigh the cons. In this presentation, participants see how to build & integrate microservices using popular open source tools and risks & mitigation strategies (including load balancers, circuit breakers, tests, & more) to increase software quality.
On Thursday the 28th of January 2016, Anthony Dahanne gave a talk on how to leverage Docker to package Java applications.
After a quick introduction to Docker principles, Anthony showed some demos (available on github) on how to create Docker images for simple and not so simple Java webapps.
Then, he went on with CI/CD examples, and finished with a quick intro to the Docker Java API.
http://blog.dahanne.net/2016/01/31/docker-and-java-notes-from-the-montreal-jug-presentation/
Docker is not just about deploying containers to hundreds of servers. Developers need tools that help with day-to-day tasks and to do their job more effectively. Docker is a great addition to most workflows, from starting projects to writing utilities to make development less repetitive. Docker can help take care of many problems developers face during development such as “it works on my machine” as well as keeping tooling consistent between all of the people working on a project. See how easy it is to take an existing development setup and application and move it over to Docker, no matter your operating system.
This document provides an overview of advanced Docker topics including Docker installation, Docker networking using bridges and volumes, and creating Dockerfiles. It discusses installing Docker on CentOS, the different types of Docker networks including bridge, host, overlay and macvlan. It also covers creating and managing Docker volumes, starting containers with volumes, and creating Dockerfiles with components like FROM, RUN, COPY and ENTRYPOINT.
This document provides an overview and instructions for Docker installation, networking, volumes, and Dockerfiles. It discusses installing Docker on CentOS, the different network drivers including bridge, and how to create and manage user-defined bridges and volumes. It also explains the components and usage of Dockerfiles to build images, including base images, environment variables, copying files, setting entrypoints and commands. The document includes examples of building an image locally and pushing it to a Docker repository.
Docker and Puppet for Continuous IntegrationGiacomo Vacca
Today developers want to change the code, build and deploy often, even several times per day.
New versions of software may need to be tested on different distributions, and with different configurations.
Achieving this with Virtual Machines it’s possible, but it’s very resource and time consuming. Docker provides an incredibly good solution for this, in particular if combined with Continuous Integration tools like Jenkins and Configuration Management tools like Puppet.
This presentation focuses on the opportunities to configure automatically Docker images, use Docker containers as disposable workers during your tests, and even running your Continuous Integration system inside Docker.
Docker is a tool that allows developers to package applications and dependencies into containers that can be run anywhere. The document discusses how Docker eliminates complexity by allowing developers to build, ship and run distributed applications using containers. It provides instructions on how to install Docker and create a simple "hello world" Docker container to demonstrate its basic functionality.
Running the Oracle SOA Suite Environment in a Docker ContainerGuido Schmutz
Running the Oracle SOA Suite Environment in a Docker Container
The document discusses running the Oracle SOA Suite environment in a Docker container. It begins with an introduction to Docker and its benefits over virtual machines. It then demonstrates various Docker commands like run, logs, images, ps to launch and manage containers. It also covers building custom images using Dockerfiles. The document provides examples to showcase common Docker tasks like committing changes to an image, pulling images, stopping and removing containers.
This document provides an overview of DevOPS concepts including containers, Docker, and related tools. It discusses what containers are and the differences between virtual machines and containers. It then covers how containers can be used by developers and systems engineers. Docker is introduced as a tool for running and managing containers. Dockerfiles are described as documents for assembling container images. Docker Compose is presented as a tool for defining and running multi-container applications. Examples are given for creating a simple container with Dockerfile and running it locally and sharing it publicly. Monitoring tools like cAdvisor are mentioned. The document ends with discussing continuous integration/deployment using tools like Gitlab and Jenkins to automate the build and deployment process.
Presentation for introduction docker container concept and beginner of docker swarm
Finally, I'll demo monitor project with prometheus and show lab for any step.
Docker provides a new, powerful way of prototyping, testing and deploying applications on cloud-based infrastructures. In this seminar we delve into the concept of Docker containers without requiring any previous knowledge from the audience.
This document discusses using Docker for development and delivery environments. It begins with an introduction to Docker, explaining that it is an open platform for building, shipping and running distributed applications using lightweight containers. It then covers benefits of Docker like portability and reduced dependencies compared to traditional VMs. The document shows how to install and configure Docker, build Docker images from Dockerfiles, run containers from images using docker-compose, modify images and redeploy them. It also discusses using Docker to build microservices applications with independent, upgradeable services in separate containers.
The document provides an overview of getting started with Docker. It discusses what Docker is, how containerization differs from virtualization, and how to install Docker. It covers building Docker images using Dockerfiles, the difference between images and containers, and common Docker commands. The document also compares traditional deployment workflows to those using Docker, demonstrating how Docker can help ensure consistency across environments.
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
This document discusses Docker networking components and common issues. It covers Docker networking drivers like bridge, host, overlay, topics around Docker daemon access and configuration behind firewalls. It also discusses container networking best practices like using user-defined networks instead of links, connecting containers to multiple networks, and connecting managed services to unmanaged containers. The document is intended to help troubleshoot Docker networking issues.
Bartosz Tkaczewski - Przygód z Dockerem ciąg dalszy
http://www.tsh.io
Docker jest zauważalny już niemal wszędzie. Na prezentacji zobaczysz działające środowisko developerskie, poznasz kilka sztuczek, jak sobie z nim dobrze radzić i efektywnie pracować, zobaczysz też, jak szybko można prosty projekt wzbogacić o zaawansowane stacki aplikacji (na przykładzie ELK). Postaram się również opowiedzieć, jak można sobie z tym potworkiem poradzić na produkcji.
Prezentacja z Uszanowanka Programowanka #16 - http://www.meetup.com/Uszanowanko-Programowanko/events/234826115/
The document provides an overview of Docker fundamentals, including an introduction to Docker and containerization, how to install Docker on various platforms, and how to use basic Docker commands to run containers from images. It covers topics such as Docker architecture, images vs containers, managing containers, networking, Docker Compose, and how Docker is implemented using Linux kernel features like namespaces and cgroups.
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsElasTest Project
This document discusses using Docker to build and test applications in laptops and Jenkins. It begins with an introduction to the author and their background/expertise. It then covers virtualization and containers, including VirtualBox, Vagrant, and Docker. The main concepts of Docker like images, containers, registries are defined. Hands-on examples are provided for running basic Docker commands, managing the lifecycle of containers, exposing network services, and managing Docker images. Building a simple Python web application image is demonstrated as a first example of creating a custom Docker image.
1. Docker is a container platform that packages applications and dependencies to run seamlessly in any computing environment. It helps eliminate issues caused by differences in computing environments.
2. Kitematic provides a graphical user interface for Docker that makes it easy to run Docker containers without using the command line. It allows visually managing containers.
3. The Docker CLI can be used to run containers by pulling images from Docker Hub, a registry for Docker images, and using commands like docker run to launch containers from those images.
This document introduces Docker Swarm for clustering Docker hosts into a single virtual host. It discusses using Swarm with Consul and an overlay network. Key points:
- Docker Swarm turns a pool of Docker hosts into a single virtual host with a standard API.
- Consul provides service discovery, key-value storage, and health checking.
- An overlay network allows containers on different hosts to communicate, with networking defined by Docker but implemented by the hosts' kernels.
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
The document provides tips and tricks for using Docker including:
1) Installing Docker on Linux in an easy way allowing choice of channel and version.
2) Setting up a local Docker Hub mirror for caching and revalidating images.
3) Using docker inspect to find containers that exited with non-zero codes or show commands for running containers.
4) Organizing docker-compose files with extensions, environment variables, anchors and aliases for well structured services.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
When it is all about ERP solutions, companies typically meet their needs with common ERP solutions like SAP, Oracle, and Microsoft Dynamics. These big players have demonstrated that ERP systems can be either simple or highly comprehensive. This remains true today, but there are new factors to consider, including a promising new contender in the market that’s Odoo. This blog compares Odoo ERP with traditional ERP systems and explains why many companies now see Odoo ERP as the best choice.
What are ERP Systems?
An ERP, or Enterprise Resource Planning, system provides your company with valuable information to help you make better decisions and boost your ROI. You should choose an ERP system based on your company’s specific needs. For instance, if you run a manufacturing or retail business, you will need an ERP system that efficiently manages inventory. A consulting firm, on the other hand, would benefit from an ERP system that enhances daily operations. Similarly, eCommerce stores would select an ERP system tailored to their needs.
Because different businesses have different requirements, ERP system functionalities can vary. Among the various ERP systems available, Odoo ERP is considered one of the best in the ERp market with more than 12 million global users today.
Odoo is an open-source ERP system initially designed for small to medium-sized businesses but now suitable for a wide range of companies. Odoo offers a scalable and configurable point-of-sale management solution and allows you to create customised modules for specific industries. Odoo is gaining more popularity because it is built in a way that allows easy customisation, has a user-friendly interface, and is affordable. Here, you will cover the main differences and get to know why Odoo is gaining attention despite the many other ERP systems available in the market.
4. Edge Computing
[Diagram labels: DC, Thing, Control, QoS]
• Owned by telco
– Base station
• Owned by entities
– Malls, schools, clinics
• Voluntary computing
– Laptops, desktops, smartphones
ETSI – European Telecommunication Standards Institute
5. Motivation
• Put control in an uncontrolled environment
• Only allow images/workloads that are sanctioned to
run on the remote resources
8. Docker Plugin
• Docker plugins are out-of-process extensions
which add capabilities to the Docker Engine.
• They come in specific types. For example, a volume
plugin might enable Docker volumes to persist across
multiple Docker hosts and a network plugin might
provide network plumbing.
• A plugin is a process running on the same or a different
host as the docker daemon, which registers itself by
placing a file on the same docker host in one of the
plugin directories described in Plugin discovery.
https://docs.docker.com/engine/extend/plugins/
9. Plugin Discovery
• Docker discovers plugins by looking for them in the plugin
directory whenever a user or container tries to use one by
name.
• There are three types of files which can be put in the plugin
directory.
– .sock files are UNIX domain sockets.
– .spec files are text files containing a URL, such
as unix:///other.sock or tcp://localhost:8080.
– .json files are text files containing a full json specification for the
plugin.
• Plugins with UNIX domain socket files must run on the
same docker host, whereas plugins with spec or json files
can run on a different host if a remote URL is specified.
https://docs.docker.com/engine/extend/plugin_api/
10. Plugin API design
• The Plugin API is RPC-style JSON over HTTP, much like
webhooks.
• Requests flow from the Docker daemon to the plugin. So
the plugin needs to implement an HTTP server and bind
this to the UNIX socket mentioned in the “plugin discovery”
section.
• All requests are HTTP POST requests.
• The API is versioned via an Accept header, which currently
is always set to application/vnd.docker.plugins.v1+json.
12. Plugin Type
Plugin Type | Description | Documentation
Authorization | Extend API authorization mechanism | https://docs.docker.com/engine/extend/authorization/
Network | Extend network management | https://docs.docker.com/engine/extend/plugins_network/
Volume | Extend persistent storage | https://docs.docker.com/engine/extend/plugins_volume/
IPAM | Extend IP address management | https://github.com/docker/libnetwork/blob/master/docs/ipam.md
13. Volume Plugin
• Docker Engine volume plugins enable Engine
deployments to be integrated with external storage
systems, such as Amazon EBS, and enable data
volumes to persist beyond the lifetime of a single
Engine host.
• A volume plugin makes use of the -v and --volume-driver
flags on the docker run command. The -v flag
accepts a volume name and the --volume-driver flag a
driver type, for example:
– $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh
https://docs.docker.com/engine/extend/plugins_volume/
15. Network Plugin
• Docker Engine network plugins enable Engine
deployments to be extended to support a
wide range of networking technologies, such
as VXLAN, IPVLAN, MACVLAN or something
completely different.
17. Example Network plugin: Weave Net
https://www.weave.works/products/weave-net/
Weave Net creates a virtual network that connects Docker containers deployed
across multiple hosts. To application containers, the network established by
Weave resembles a giant Ethernet switch, where all containers are connected
and can easily access services from one another.
18. Weave Net Demo
• Install weave on 2 hosts
– sudo curl -L git.io/weave -o /usr/local/bin/weave
– sudo chmod a+x /usr/local/bin/weave
• Launch weave on both hosts
– weave launch <ip peer host>
fairus@ubuntu:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
21e88b0b71e7 weaveworks/plugin:1.5.0 "/home/weave/plugin" 21 minutes ago Up 21 minutes weaveplugin
4ff36b0361b0 weaveworks/weaveexec:1.5.0 "/home/weave/weavepro" 21 minutes ago Up 21 minutes weaveproxy
b9944c11dadf weaveworks/weave:1.5.0 "/home/weave/weaver -" 21 minutes ago Up 21 minutes weave
– Check connection status
fairus@ubuntu:~$ weave status connections
-> 192.168.56.101:6783 established fastdp 56:d7:c9:8e:d3:c3(ubuntu)
– If it fails, reset and launch again
• weave reset; weave launch <ip peer host>
19. Weave Net Demo
• Test the weave network
– List weave network
fairus@ubuntu:~$ docker network ls
NETWORK ID NAME DRIVER
88033f39d3bf bridge bridge
02ae59ef8859 docker_gwbridge bridge
f610c728464c host host
41b5fa0b4ff7 none null
ff85a0ceb3cd weave weavemesh
– Run a container on both hosts
• docker run --net weave -it alpine sh
– Ping each other using IP address
– Run a container with a hostname on both machines
• docker run --net weave -h c1.weave.local $(weave dns-args) -it alpine sh
• docker run --net weave -h c2.weave.local $(weave dns-args) -it alpine sh
– From the containers, ping each other using hostname (i.e. c1 & c2)
– From the host, check the DNS entry
fairus@ubuntu:~$ weave status dns
c1 10.32.0.1 47097e28f5ee 56:d7:c9:8e:d3:c3
c2 10.40.0.1 acd772f5b19e 3e:40:22:84:b7:e7
20. Authorization Plugin
• An authorization plugin approves or denies
requests to the Docker daemon based on both the
current authentication context and the
command context.
• The authentication context contains all user details and the
authentication method.
• The command context contains all the relevant request
data.
23. What is Image Whitelist
• https://github.com/fairuskhalid/whitelist
• Image Whitelist Docker plugin implementation
is based on Docker Authorization plugin
model. The plugin will look for the allowed
images from the whitelist before an image can
be run. With this the owner or administrator
of the host machine can control what can be
run on the machine.
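The check described on the Plugin API, Authorization Plugin and Image Whitelist slides, as an added Go example that is not the whitelist project's own code. It uses only the standard library; the type and function names, the resolver hook, the choice to gate only container creation, the API version in the URI and the busybox ID are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"regexp"
)

// AuthZReq fields used here; RequestBody is base64 in the daemon's JSON.
type authzRequest struct {
	RequestMethod string `json:"RequestMethod"`
	RequestURI    string `json:"RequestUri"`
	RequestBody   []byte `json:"RequestBody,omitempty"`
}

type authzResponse struct {
	Allow bool   `json:"Allow"`
	Msg   string `json:"Msg,omitempty"` // reason shown to the user on deny
	Err   string `json:"Err,omitempty"` // plugin-side failure
}

// resolver maps an image reference to its image ID (hypothetical hook).
type resolver func(ref string) (string, error)

const (
	alpineID = "sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac" // from the slide 29 session
	denyMsg  = "Unauthorized Image."
)

var createPath = regexp.MustCompile(`^(/v[0-9.]+)?/containers/create(\?.*)?$`)

// decide gates container creation on a whitelist of image IDs. An ID is
// derived from image content, so a re-pointed tag does not match. Unparsable
// or unresolvable requests are denied. Assumption: only container create is
// gated; every other API call passes through.
func decide(req authzRequest, allowed map[string]bool, resolve resolver) authzResponse {
	if req.RequestMethod != http.MethodPost || !createPath.MatchString(req.RequestURI) {
		return authzResponse{Allow: true}
	}
	var body struct {
		Image string `json:"Image"`
	}
	if err := json.Unmarshal(req.RequestBody, &body); err != nil || body.Image == "" {
		return authzResponse{Msg: denyMsg}
	}
	id, err := resolve(body.Image)
	if err != nil || !allowed[id] {
		return authzResponse{Msg: denyMsg}
	}
	return authzResponse{Allow: true}
}

// newHandler serves the plugin endpoints; bind it to the plugin's UNIX socket.
func newHandler(allowed map[string]bool, resolve resolver) http.Handler {
	reply := func(w http.ResponseWriter, v interface{}) {
		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
		json.NewEncoder(w).Encode(v)
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
		reply(w, map[string][]string{"Implements": {"authz"}})
	})
	mux.HandleFunc("/AuthZPlugin.AuthZReq", func(w http.ResponseWriter, r *http.Request) {
		var req authzRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			reply(w, authzResponse{Err: "malformed AuthZReq: " + err.Error()})
			return
		}
		reply(w, decide(req, allowed, resolve))
	})
	mux.HandleFunc("/AuthZPlugin.AuthZRes", func(w http.ResponseWriter, r *http.Request) {
		reply(w, authzResponse{Allow: true}) // responses are not filtered here
	})
	return mux
}

// createRequest builds a constructed AuthZReq for "docker run <image>".
func createRequest(image string) authzRequest {
	body, _ := json.Marshal(map[string]string{"Image": image})
	return authzRequest{RequestMethod: "POST", RequestURI: "/v1.23/containers/create", RequestBody: body}
}

// sampleResolver is a constructed lookup table standing in for the Docker API.
func sampleResolver(ref string) (string, error) {
	ids := map[string]string{"alpine": alpineID, "busybox": "sha256:constructed-busybox-id"}
	if id, ok := ids[ref]; ok {
		return id, nil
	}
	return "", errors.New("unknown image " + ref)
}

func main() {
	allowed := map[string]bool{alpineID: true}
	for _, img := range []string{"alpine", "busybox", "unknown"} {
		fmt.Printf("%-8s %+v\n", img, decide(createRequest(img), allowed, sampleResolver))
	}
}
```

A denied request carries Allow=false with a Msg, which the daemon reports as the "authorization denied by plugin" error; Err is reserved for failures of the plugin itself.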
25. Setup
• To use image whitelist plugin
– Install docker
– Pull image whitelist plugin from docker hub
– Try out the image whitelist
• To update and build the code
– Install go
– Setup environment
– Install make
– Build
27. Try out image whitelist
• Pull the image from docker hub
– docker pull fairus/wlserver:v1
– docker pull fairus/wlplugin:v1
• Run the container
– docker run -d --restart=always -p 8080:8080 fairus/wlserver:v1
– docker run -d --restart=always -v /var/run:/var/run -v /run/docker/plugins/:/run/docker/plugins -v /etc/group:/etc/group fairus/wlplugin:v1 /wlplugin -wlhost http://localhost:8080/getlist
28. Try out image whitelist
# pull image from docker hub
fairus@ubuntu:~$ docker pull fairus/wlserver:v1
fairus@ubuntu:~$ docker pull fairus/wlplugin:v1
# run the plugin and server
fairus@ubuntu:~$ docker run -d --restart=always -p 8080:8080 fairus/wlserver:v1
fairus@ubuntu:~$ docker run -d --restart=always -v /var/run:/var/run -v /run/docker/plugins/:/run/docker/plugins -v /etc/group:/etc/group fairus/wlplugin:v1 /wlplugin -wlhost http://192.168.56.101/getlist
# update docker service in systemd
root@ubuntu:/run/docker/plugins# systemctl edit --full docker.service
.. .
ExecStart=/usr/bin/docker daemon -H fd:// --authorization-plugin=whitelist-plugin
.. .
# restart docker service
root@ubuntu:/run/docker/plugins# service docker restart
# try run alpine container
fairus@ubuntu:~$ docker run -it alpine sh
docker: Error response from daemon: authorization denied by plugin whitelist-plugin: Unauthorized Image.
29. Try out image whitelist
# check alpine image id
fairus@ubuntu:~$ docker inspect alpine | grep Id
"Id": "sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac",
# copy whitelist.dat from wlserver container to the host
fairus@ubuntu:~$ docker ps | grep wlserver
5c561b1cd9b2 fairus/wlserver:v1 "/wlserver" 24 minutes ago
Up 21 minutes 0.0.0.0:8080->8080/tcp prickly_jang
fairus@ubuntu:~$ docker cp 5c561b1cd9b2:whitelist.dat whitelist.dat
fairus@ubuntu:~$ ls
goenv.sh src whitelist.dat work
# update whitelist.dat with alpine image id and copy back into wlserver container
fairus@ubuntu:~$ docker inspect alpine | grep Id
"Id": "sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac",
fairus@ubuntu:~$ echo sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac > whitelist.dat
fairus@ubuntu:~$ docker cp whitelist.dat 5c561b1cd9b2:whitelist.dat
# wait a couple of minutes before running the alpine container again
fairus@ubuntu:~$ docker cp whitelist.dat 5c561b1cd9b2:whitelist.dat
fairus@ubuntu:~$ docker run -it alpine sh
/ #
Terminal 1
30. Setup Build Environment
• Install go
– follow guide in: https://golang.org/doc/install
– wget https://storage.googleapis.com/golang/go1.6.2.linux-amd64.tar.gz
– sudo tar -C /usr/local -xzf go1.6.2.linux-amd64.tar.gz
– export PATH=$PATH:/usr/local/go/bin
• Test go
– go version
• Create and export working dir (e.g. work)
– mkdir work
– export GOPATH=$HOME/work
• Install godep
– go get github.com/tools/godep
• Install make
– sudo apt-get install make
31. Going Through The Code
• Go helpers package:
– https://github.com/docker/go-plugins-helpers
– https://godoc.org/github.com/docker/go-plugins-helpers/authorization
33. build and run plugin
# build the code
fairus@ubuntu:wshop$ go build -o wplugin main.go
fairus@ubuntu:wshop$ ls -l
total 8200
-rw-rw-r-- 1 fairus fairus 624 May 10 08:15 main.go
-rwxrwxr-x 1 fairus fairus 8382368 May 10 08:46 wplugin
# run the plugin
fairus@ubuntu:wshop$ sudo ./wplugin
# check the plugin is running
root@ubuntu:/run/docker/plugins# ls -l
total 0
srw-rw---- 1 root root 0 May 10 08:47 plugin.sock
srwxr-xr-x 1 root root 0 May 9 15:39 weavemesh.sock
srwxr-xr-x 1 root root 0 May 9 15:39 weave.sock
Terminal 1
Terminal 2
root user
34. setup dockerd & run test
# update docker service in systemd
root@ubuntu:/run/docker/plugins# systemctl edit --full docker.service
...
ExecStart=/usr/bin/docker daemon -H fd:// --authorization-plugin=plugin
...
# restart docker service
root@ubuntu:/run/docker/plugins# service docker restart
# try it out
root@ubuntu:/run/docker/plugins# docker ps
Terminal 2
Root user
# kill the plugin
fairus@ubuntu:wshop$ sudo ./wplugin
^C
# try it out again
root@ubuntu:/run/docker/plugins# docker ps
Error response from daemon: plugin plugin failed with error: Post
http://%2Frun%2Fdocker%2Fplugins%2Fplugin.sock/AuthZPlugin.AuthZReq: dial
unix /run/docker/plugins/plugin.sock: connect: connection refused
Terminal 2
Root user
Terminal 1
35. Looking at the message
https://github.com/docker/docker/blob/master/pkg/authorization/api.go
36. build and run again
This is what the message looks like. Now we can add our logic.
37. Image whitelist implementation
• Package engineapi provides libraries to implement client and server
components compatible with the Docker engine. The client package in
github.com/docker/engine-api/client implements all necessary requests to
implement the official Docker engine cli.
– Create a new client, then use it to send and receive messages to the Docker
engine API:
defaultHeaders := map[string]string{"User-Agent": "engine-api-cli-1.0"}
cli, err := client.NewClient("unix:///var/run/docker.sock", "v1.22", nil, defaultHeaders)
– https://godoc.org/github.com/docker/engine-api
• This library implements a cron spec parser and runner.
– https://godoc.org/github.com/robfig/cron
• Package logrus is a structured logger for Go, completely API compatible
with the standard library logger.
– https://godoc.org/github.com/Sirupsen/logrus
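Added example (not the whitelist plugin's own code): a standard-library Go version of the whitelist decision, which decodes the AuthZReq message the daemon posts to the plugin and allows container creation only when the image ID is on the whitelist. The names authorize, sampleCreate and the resolve hook (standing in for an image inspect through the engine-api client) are assumptions, and the sample message is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Request and Response mirror the fields of pkg/authorization/api.go used here.
type Request struct {
	RequestMethod string
	RequestURI    string `json:"RequestUri"`
	RequestBody   []byte // base64 string on the wire
}
type Response struct{ Allow bool; Msg string }

var createRe = regexp.MustCompile(`^(/v[0-9.]+)?/containers/create(\?.*)?$`) // version prefix optional

// authorize denies container creation unless the image ID is whitelisted.
// resolve is a hypothetical hook mapping an image reference to its image ID.
func authorize(raw []byte, allowed map[string]bool, resolve func(string) (string, error)) Response {
	deny := Response{Msg: "Unauthorized Image."}
	var req Request
	if json.Unmarshal(raw, &req) != nil {
		return deny // fail closed on an unparseable message
	}
	if req.RequestMethod != "POST" || !createRe.MatchString(req.RequestURI) {
		return Response{Allow: true} // not a container create
	}
	var body struct{ Image string }
	if json.Unmarshal(req.RequestBody, &body) != nil || body.Image == "" {
		return deny
	}
	if id, err := resolve(body.Image); err != nil || !allowed[id] {
		return deny
	}
	return Response{Allow: true}
}

// sampleCreate builds a constructed AuthZReq message for `docker run <image>`.
func sampleCreate(image string) []byte {
	body, _ := json.Marshal(map[string]string{"Image": image})
	msg, _ := json.Marshal(Request{"POST", "/v1.22/containers/create", body})
	return msg
}

func main() {
	resolve := func(string) (string, error) { return "sha256:constructed", nil }
	fmt.Println(authorize(sampleCreate("alpine"), map[string]bool{}, resolve))
}
```

A denial carries the same "Unauthorized Image." message that the daemon returned in the alpine test earlier.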
38. Build and Package
• Get the code from github using go
– go get github.com/fairuskhalid/whitelist
• Restore the dependencies (this will take a while)
– cd $HOME/work/src/github.com/fairuskhalid/whitelist
– godep restore
• Build
– make
• Create a docker image
– Copy the wlplugin executable and Dockerfile.plugin into an empty dir
– Rename Dockerfile.plugin to Dockerfile
– docker build -t plugin .