Scaling With Docker Swarm using
Packer, Terraform & OpenStack
Bobby DeVeaux - March 28th 2017
https://joind.in/talk/a76ea
https://joind.in/talk/a76ea @bobbyjason #doxlon
• Created my first website at 9 Years old in 1995 😮
• Started coding PHP in 2001 - 16 years ago
• Developer, Team Leader, CTO, Director & Consultant
• Been using AWS for over 5 years
• Web Development, Message Queues, Automation, CI&CD
• Previously worked at SkyBet & DVSA
• Now a DevOps Consultant with UKCloud, Evangelising OpenStack
• Contributor to Terraform
• I ♥️ Docker, Terraform & Golang (or anything Hashicorp)
• #twitter: @bobbyjason
About Me ☁️
2
• I’m here to spread the awareness of UKCloud & OpenStack
• I want you to use Docker Swarm
• I want you to love Terraform
• I want to show you how to scale an app using all the above
Why Am I Here?
3
UKCloud at-a-glance
4
• Docker for AWS
• Docker for Azure
• UKCloud offer Cloud Native Infrastructure using Openstack
Why Openstack?
5
‘Final’ Demo
6
• Who’s using Docker yet?
• Who’s using Docker Swarm?
• Who’s using Terraform?
• Who’s using Packer?
• Who’s not played with any of them, and would love to?
Hands Up
7
• Docker 1.12 & now 1.13 has Docker Swarm natively, “Swarm Mode”
• Cluster management integrated with Docker Engine
• Decentralized design
• Declarative service model
• Scaling
• Desired state reconciliation
• Multi-host networking
• Service discovery
• Load balancing
• Secure by default
• Rolling updates
Swarm Mode?
17
• docker swarm init --advertise-addr <manager-ip>
• Initialises the node for Swarm mode
Docker Swarm Init
18
• docker service create --env APPLICATION_ENV=dev --update-delay 10s --replicas 1 --network mynet --name php-fpm bobbydvo/ukc_php-fpm:latest
• docker service create --update-delay 10s --replicas 1 -p 80:80 --network mynet --name web bobbydvo/ukc_nginx:latest
• docker service update --image bobbydvo/ukc_nginx:1.81 web
Docker Service Create
19
• docker service scale web=5
Docker Service Scale
20
• docker stack deploy --compose-file docker-compose.yml mystack
Docker Stack Deploy (1.13 only)
21
version: "3"
services:
  web:
    tty: true
    depends_on:
      - php-fpm
    image: bobbydvo/ukc_nginx:latest
    ports:
      - "80:80"
    deploy:
      mode: replicated
      replicas: 2
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: continue
        monitor: 60s
        max_failure_ratio: 0.3
  php-fpm:
    tty: true
    build: ./
    image: bobbydvo/dummyapp_php-fpm:latest
    ports:
      - "9000:9000"
    environment:
      - APPLICATION_ENV=prod
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: continue
        monitor: 60s
        max_failure_ratio: 0.3
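The stack file above publishes php-fpm's port 9000, whereas the earlier `docker service create` for php-fpm published nothing and relied on the shared network; in swarm mode a published port is opened on every node by the routing mesh. As an added example (not from the talk), this check lists every published port in a version 3 compose file and flags those outside an allowlist. The function names, the allowlist format and the sample file are constructed, and only the short `"host:container"` port syntax with space indentation is handled.

```bash
#!/usr/bin/env bash
# Added example: audit which services in a compose/stack file publish ports.
# Names and the sample stack below are constructed for illustration.

# usage: audit_published_ports "web:80 api:443" < docker-compose.yml
# Prints "<service> <published-port> <ok|UNEXPECTED>"; exits 1 on any UNEXPECTED.
audit_published_ports() {
  awk -v allow="$1" -v q="'" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*(#.*)?$/ { next }                  # skip blank and comment lines
    {
      indent = 0
      while (substr($0, indent + 1, 1) == " ") indent++
      text = substr($0, indent + 1)
    }
    # Top-level key: only the "services:" section is inspected.
    indent == 0 { in_services = (text ~ /^services:/); svc_indent = -1; in_ports = 0; next }
    !in_services { next }
    svc_indent < 0 { svc_indent = indent }     # first key under services sets the level
    indent == svc_indent { svc = text; sub(/:.*$/, "", svc); in_ports = 0; next }
    in_ports && text ~ /^- / {
      spec = substr(text, 3)
      sub(/[ \t]+#.*$/, "", spec)              # trailing comment
      gsub(q, "", spec); gsub(/[" ]/, "", spec)
      sub(/\/.*$/, "", spec)                   # drop "/tcp" or "/udp"
      k = split(spec, p, ":")
      # "80" alone publishes a random port; otherwise the published port
      # is the field before the container port ("ip:published:container").
      published = (k >= 2) ? p[k - 1] : "random"
      status = ((svc ":" published) in ok) ? "ok" : "UNEXPECTED"
      if (status != "ok") bad = 1
      print svc, published, status
      next
    }
    { in_ports = (text ~ /^ports:[ \t]*$/) }   # any other key ends a ports list
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample modelled on the stack file in the slides.
sample_stack() {
  cat <<'EOF'
version: "3"
services:
  web:
    image: example/nginx:latest
    depends_on:
      - php-fpm
    ports:
      - "80:80"
  php-fpm:
    image: example/php-fpm:latest
    environment:
      - APPLICATION_ENV=prod
    ports:
      - "9000:9000"
networks:
  default:
    driver: overlay
EOF
}

# Only the web front end is expected to be reachable from outside the swarm.
sample_stack | audit_published_ports "web:80" || echo "review the ports marked UNEXPECTED"
```

Dropping the `ports` entry from php-fpm keeps it reachable from `web` by service name over the stack's network while removing it from the routing mesh.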
• We’re about to embark onto the interesting stuff
• Any questions?
…and Pause.
22
• Packer
• Terraform
• Docker Swarm
• Jenkins For Release
How Do We Scale on Real Infrastructure
23
• Terraform is a tool for building, changing, and versioning
infrastructure safely and efficiently. Terraform can manage existing
and popular service providers as well as custom in-house solutions.
• Infrastructure as Code: Infrastructure is described using a high-level
configuration syntax. This allows a blueprint of your datacenter to be
versioned and treated as you would any other code. Additionally,
infrastructure can be shared and re-used.
• Execution Plans: Terraform has a "planning" step where it generates
an execution plan. The execution plan shows what Terraform will do
when you call apply. This lets you avoid any surprises when
Terraform manipulates infrastructure
What Is Terraform?
24
• How long do your builds & deployments in Travis / Jenkins take?
• What’s acceptable?
• ‘Quick’ is relative, and depends on your requirements.
• When I say quick deployments, I’m referring to efficient
deployments using Foundation Images.
Who Likes Quick Deployments?
29
• Ansible / Puppet / Chef means that lots of projects now build from
the base box image, i.e. CentOS6 or Ubuntu 14.04 etc.
• Do you want to be building this each build? Some of you are clever,
and don’t. Some of you are clever, but didn’t consider an
alternative, or didn’t know how. Maybe some of you don’t even use
automated builds…
• Using Packer and your provisioner of choice, you can export the
artefact and store it as a Docker Container or Image in your cloud
provider (Amazon AMI, OpenStack Glance, etc).
Foundation Images
30
• Tool for creating identical machine images
• Supports multiple platforms
• Supports many provisioners (Ansible, Chef, Puppet, Bash.. etc.)
• Can export images in multiple formats: AMIs for EC2, VMDK/VMX
files for VMware, OVF exports for VirtualBox, etc.
What Is Packer?
31
Packer template.json
32
{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": ""
  },
  "builders": [{
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "region": "us-east-1",
    "source_ami": "ami-fce3c696",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "packer-example {{timestamp}}"
  }]
}
Ansible Provisioning
33
"provisioners": [
  {
    "type": "shell",
    "inline": [
      "rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-7.noarch.rpm",
      "yum -y update",
      "yum -y install ansible",
      "ansible --version"
    ]
  },
  {
    "type": "ansible-local",
    "playbook_file": "./ansible/playbook.yml",
    "role_paths": [
      "./ansible/roles/init",
      "./ansible/roles/server",
      "./ansible/roles/mongodb",
      "./ansible/roles/php7",
      "./ansible/roles/nginx",
      "./ansible/roles/supervisord",
      "./ansible/roles/redis"
    ],
    "group_vars": "./ansible/common/group_vars"
  }
]
The cool bit;
Putting it all together!
Build Docker Images Regularly
43
#!/bin/bash
# Build, tag and push the foundation images.
# Usage: ./build.sh <container|all> <build-number>
VERSION=1
CONTAINER=$1
BUILD_NUMBER=$2

if [[ $CONTAINER == 'all' ]]; then
    # Build and tag every image in one run
    for CONTAINER in php-fpm nginx dynamodb consul; do
        docker build ./$CONTAINER -t bobbydvo/ukc_$CONTAINER:latest
        docker tag bobbydvo/ukc_$CONTAINER:latest bobbydvo/ukc_$CONTAINER:$VERSION.$BUILD_NUMBER
    done
    exit
fi

# Build a single image, tag it with the build number, then push both tags
docker build ./$CONTAINER -t bobbydvo/ukc_$CONTAINER:latest
docker tag bobbydvo/ukc_$CONTAINER:latest bobbydvo/ukc_$CONTAINER:$VERSION.$BUILD_NUMBER
docker push bobbydvo/ukc_$CONTAINER:latest
docker push bobbydvo/ukc_$CONTAINER:$VERSION.$BUILD_NUMBER
How NOT to Build Your Jenkins Job
44
echo $BUILD_NUMBER
docker -v
whoami
sudo docker login -u bobbydvo -p Lr6n9hrGBLNxBm
sudo ./build.sh $CONTAINER $BUILD_NUMBER
How to Build Your Jenkins Job
45
docker login -u bobbdvo -p Lr6n9hrGBLNxBm
.docker/config.json:
{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "************************************"
    }
  }
}
How to Build Your Jenkins Job
46
echo $BUILD_NUMBER
docker -v
whoami
#sudo docker login -u bobbydvo -p Lr6n9hrGBLNxBm
sudo ./build.sh $CONTAINER $BUILD_NUMBER
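The job above still carries the registry password, now inside a comment, so it stays readable to anyone who can view the job configuration or its history. As an added example (not from the talk), this check flags `docker login` lines that pass a password with `-p`/`--password`, commented-out lines included, and accepts `--password-stdin`. The function names, the `DOCKER_USER`/`DOCKER_PASS` variables and the sample job with its placeholder password are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find registry passwords embedded in CI job scripts.
# All names and the sample job text below are constructed.

# Reads a job script (file argument or stdin) and prints "<line>:<kind>":
#   literal            password typed into an active command
#   literal-in-comment command disabled, but the password is still stored
#   argv-variable      not stored in the job, yet passed on the command
#                      line and visible in the process list while it runs
scan_docker_login() {
  awk '
    {
      commented = ($0 ~ /^[ \t]*#/)
      for (i = 1; i < NF; i++) {
        # matches docker, #docker, /usr/bin/docker followed by "login"
        if ($i !~ /docker$/ || $(i + 1) != "login") { continue }
        for (j = i + 2; j <= NF; j++) {
          if ($j == "-p" || $j == "--password") { val = $(j + 1); j++ }
          else if ($j ~ /^--password=/) { val = substr($j, 12) }
          else { continue }              # includes --password-stdin
          sub(/^"/, "", val)
          if (val == "") { continue }
          if (substr(val, 1, 1) == "$") {
            if (!commented) { print NR ":argv-variable" }
          } else {
            print NR ":" (commented ? "literal-in-comment" : "literal")
          }
        }
      }
    }
  ' "$@"
}

# Hardened login for the job: the secret is injected by the CI credential
# store (assumed to be exported as DOCKER_PASS) and is piped on stdin.
# --password-stdin needs a Docker release newer than the 1.13 used in the talk.
registry_login() {
  printf '%s' "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
}

# Constructed sample job covering each case.
sample_job() {
  cat <<'EOF'
echo $BUILD_NUMBER
sudo docker login -u exampleuser -p CONSTRUCTED-PASSWORD
#sudo docker login -u exampleuser -p CONSTRUCTED-PASSWORD
docker login -u exampleuser --password="$DOCKER_PASS"
printf '%s' "$DOCKER_PASS" | docker login -u exampleuser --password-stdin
sudo ./build.sh $CONTAINER $BUILD_NUMBER
EOF
}

sample_job | scan_docker_login
```

A password that has appeared in a job script or its history should be rotated, since deleting or commenting out the line does not remove earlier copies.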
How to Build Your Jenkins Job
47
Building DummyPHP Docker Image
48
FROM bobbydvo/ukc_php-fpm:latest
WORKDIR /srv
COPY . /srv/
WORKDIR /srv
RUN composer install
CMD ["/usr/bin/supervisord","-n","-c","/etc/supervisord.conf"]
On Merge Jenkins Hook
49
set -e
DUMMY_VERSION=$BUILD_VERSION
NGINX_VERSION='latest'
sudo docker-compose build
sudo docker run -i bobbydvo/dummyapp_php-fpm /srv/vendor/bin/phpunit -c /srv/app/phpunit.xml
# tag & push only if all the above succeeded (set -e)
sudo docker tag bobbydvo/dummyapp_php-fpm:latest bobbydvo/dummyapp_php-fpm:$DUMMY_VERSION
sudo docker push bobbydvo/dummyapp_php-fpm:$DUMMY_VERSION
sudo docker push bobbydvo/dummyapp_php-fpm:latest
ssh -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null core@51.179
ssh -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null core@51.179
Infrastructure Next
50
Terraform Build Infrastructure - Manager1
51
resource "openstack_compute_instance_v2" "swarm_manager" {
  name = "swarm_manager_0"
  count = 1
  #coreos-docker-alpha
  image_id = "0fe61d2f-0f9b-4dc8-8706-b45771f86d10"
  flavor_id = "7d73f524-f9a1-4e80-bedf-57216aae8038"
  key_pair = "${openstack_compute_keypair_v2.test-keypair.name}"
  security_groups = ["${openstack_compute_secgroup_v2.example_secgroup_1.name}"]
  user_data = "${data.template_file.cloudinit.rendered}"
  network {
    name = "${openstack_networking_network_v2.example_network1.name}"
    floating_ip = "${openstack_networking_floatingip_v2.example_floatip_manager.address}"
  }
}
Terraform - Cloudinit.sh
52
data "template_file" "cloudinit" {
  template = "${file("cloudinit.sh")}"
  vars {
    application_env = "dev"
  }
}
Terraform - Cloudinit.sh
53
docker swarm init
docker swarm join-token --quiet worker > /home/core/worker-token
docker swarm join-token --quiet manager > /home/core/manager-token
docker stack deploy --compose-file /home/core/docker-compose.yml mystack > /dev/nu
Terraform - Master X
54
resource "openstack_compute_instance_v2" "swarm_managerx" {
  name = "swarm_manager_${count.index+1}"
  count = 2
  #coreos-docker-beta
  image_id = "0fe61d2f-0f9b-4dc8-8706-b45771f86d10"
  flavor_id = "7d73f524-f9a1-4e80-bedf-57216aae8038"
  key_pair = "${openstack_compute_keypair_v2.test-keypair.name}"
  security_groups = ["${openstack_compute_secgroup_v2.example_secgroup_1.name}"]
  user_data = "${data.template_file.managerinit.rendered}"
  network {
    name = "${openstack_networking_network_v2.example_network1.name}"
  }
}
Terraform - Managerinit.sh
55
data "template_file" "managerinit" {
  template = "${file("managerinit.sh")}"
  vars {
    swarm_manager = "${openstack_compute_instance_v2.swarm_manager.access_ip_v4}"
  }
}
Terraform - ManagerInit.sh
56
# Copy Tokens from master1 => masterX
sudo scp -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o U
# Copy docker-compose.yml file
sudo scp -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o U
sudo docker swarm join --token $(cat /home/core/manager-token) ${swarm_manager}
Adding Workers
58
resource "openstack_compute_instance_v2" "swarm_slave" {
  name = "swarm_slave_${count.index}"
  count = "${var.swarm_node_count}"
  #coreos-docker-beta
  image_id = "0fe61d2f-0f9b-4dc8-8706-b45771f86d10"
  flavor_id = "c46be6d1-979d-4489-8ffe-e421a3c83fdd"
  key_pair = "${openstack_compute_keypair_v2.test-keypair.name}"
  security_groups = ["${openstack_compute_secgroup_v2.example_secgroup_1.name}"]
  user_data = "${data.template_file.slaveinit.rendered}"
  network {
    name = "${openstack_networking_network_v2.example_network1.name}"
  }
}
Adding Workers - slaveinit.sh
59
data "template_file" "slaveinit" {
  template = "${file("slaveinit.sh")}"
  vars {
    swarm_manager = "${openstack_compute_instance_v2.swarm_manager.access_ip_v4}"
    node_count = "${var.swarm_node_count + 3}"
  }
}
Adding Workers - slaveinit.sh
60
sudo scp -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null
sudo docker swarm join --token $(cat /home/core/worker-token) ${swarm_manager}
ssh -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null -i /ho
ssh -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null -i /ho
## Forces redistribution across all nodes
ssh -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null -i /ho
ssh -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null -i /ho
Adding Workers - How Many?
61
variable "swarm_node_count" {
  default = 1
}
variable "swarm_node_count" {
  default = 5
}
• Docker will bring up another container. Let's try.
What If A Container Dies?
62
• Provisioned Docker Containers
• Infrastructure as Code
• Automated Deployments for CI / CD
• Scalable Architecture
• Openstack + UKCloud
There you have it!
63
‘Final’ Demo - A Release
64
Thank you :-)
Bobby DeVeaux
@bobbyjason
https://joind.in/talk/a76ea

Building a production-ready, fully-scalable Docker Swarm using Terraform & Packer on OpenStack.

Editor's Notes

  • #5: Key takeaway: UKPS are serious about transforming government IT. UKCloud uniquely focussed on providing enabling technologies and services which enabled us to become one of the fastest growing tech companies in Europe. Today, we remain 100% focussed on UKPS and are the market leading cloud provider. We support almost 200 workloads across over 30 direct customers and over 200 partners. This slide provides an at-a-glance view of UKCloud. Along the bottom are key government policies and initiatives that have enabled a fundamental transformation of how IT is delivered across UK public sector. Digital by default is a core component of Civil Service Reform and seeks to enable a digital government, where interactions with businesses and citizens happen online rather than via call centres, drop-in centres or postal services. These new digital transactions require new applications and new architectures, and hence the government’s Technology Code of Practice advocates a Cloud First policy, favouring open-source and open standards over proprietary solutions, procured via the G-Cloud framework and appropriately assured through evaluation against the Cloud Security Principles. Importantly, Social Justice features prominently under the Theresa May government and UKCloud, as a British company, employing British people, creating British innovation and paying tax in Britain, is ideally aligned with the Social Value Act. In addition, the Greening ICT initiative incentivises the use of shared and efficient services such as cloud. And the dis-aggregation policy ensures that the large, legacy IT contracts are broken down and awarded to multiple suppliers rather than a single supplier. It’s this context that drives demand for what we do and gives us a clear purpose. Along the top are key characteristics of UKCloud.
We were founded in 2011, as Skyscape Cloud Services, and born to deliver genuine cloud services exclusively to UK public sector and to therefore disrupt the inefficient way government IT was being delivered. In the past 5 years, we’ve grown rapidly including a 96% year-on-year growth in our last financial year. Indeed, we’re recognised as one of the fastest growing technology companies in the whole of Europe. This growth has enabled us to rapidly expand our company and we now have over 180 employees – all focused on delivering the best cloud for UK public sector. And our focus is paying dividends as we’re the market leading IaaS provider in G-Cloud with a 34% market share, bigger than the next three providers combined. Indeed, we’ve extended our market share every month despite increasing competition. And unlike other providers in G-Cloud who have but a few UK public sector customers, we have scores of customers and almost 200 UK public sector workloads, applications or projects. The centre of the slide shows that those 200 workloads consist of over 30 direct customer contracts with the likes of DVLA, HMRC, MOJ and others, as well as solutions delivered via a growing ecosystem of over 200 partners which includes the likes of SopraSteria and Capgemini delivering Systems Integration to the likes of Kainos, Equal Experts and CACI which deliver more specialised managed services and professional services. Over time, we believe the majority of our workloads will be delivered via our partner ecosystem.
  • #6: We already have Docker for AWS. We already have Docker for Azure. UKCloud have an Openstack offering.
  • #7: Committing code to our PHP App and seeing it deployed; Load Balancing; Killing a container; Points about being Cloud Native - Database as a Service
  • #17: not that scary
  • #18: Decentralized design: Instead of handling differentiation between node roles at deployment time, the Docker Engine handles any specialization at runtime. You can deploy both kinds of nodes, managers and workers, using the Docker Engine. This means you can build an entire swarm from a single disk image. Declarative service model: Docker Engine uses a declarative approach to let you define the desired state of the various services in your application stack. For example, you might describe an application comprised of a web front end service with message queueing services and a database backend. Desired state reconciliation: The swarm manager node constantly monitors the cluster state and reconciles any differences between the actual state and your expressed desired state. For example, if you set up a service to run 10 replicas of a container, and a worker machine hosting two of those replicas crashes, the manager will create two new replicas to replace the replicas that crashed. The swarm manager assigns the new replicas to workers that are running and available. Multi-host networking: You can specify an overlay network for your services. The swarm manager automatically assigns addresses to the containers on the overlay network when it initializes or updates the application. Service discovery: Swarm manager nodes assign each service in the swarm a unique DNS name and load balances running containers. You can query every container running in the swarm through a DNS server embedded in the swarm. Load balancing: You can expose the ports for services to an external load balancer. Internally, the swarm lets you specify how to distribute service containers between nodes. Secure by default: Each node in the swarm enforces TLS mutual authentication and encryption to secure communications between itself and all other nodes. You have the option to use self-signed root certificates or certificates from a custom root CA. 
Rolling updates: At rollout time you can apply service updates to nodes incrementally. The swarm manager lets you control the delay between service deployment to different sets of nodes. If anything goes wrong, you can roll-back a task to a previous version of the service.
  • #20: Create services; docker service ls
  • #21: Create services; Scale services; docker service ls; docker kill container; docker service ls
  • #22: docker stack deploy --compose-file docker-compose.yml mystack; docker stack ls; docker service ls; docker ps
  • #23: We’ve covered docker compose & swarm basics, creating services and deploying stacks. We have a great development environment. Any questions so far?
  • #25: Hopefully most of you know the already… :)
  • #29: terraform apply
  • #37: 3 things: > Updating the image to use the alpha build, so we can have Docker 1.13 > Installing Docker-Compose > Copying ssh key
  • #38: Basic Nginx Docker Container
  • #39: Nginx config to process PHP via PHP-FPM
  • #41: Grabbing the PHP 7 docker container Installing supervisor + debug + opcache Copy 2 php.ini files. 1 for dev, 1 for prod
  • #42: Supervisor accepting ENV var to determine which php file to load,
  • #43: This will build our docker containers locally, but there’s a better way..
  • #44: Bash Script to wrap it up and build the containers on Jenkins Show Jenkins Show docker hub
  • #45: Had an email asking if I knew I’d posted my password in my blog post…
  • #46: Pop this file on your Jenkins server and all will be good
  • #47: commented it out for nostalgic purposes
  • #48: Parameterised build report Docker-hub
  • #49: Doesn’t do much other than copy that latest version of the code onto our latest foundation image. No need to rebuild the PHP box, no reinstalling of OPcache or Xdebug.
  • #50: When we commit/merge into our master branch, we want to build our new PHP dummy app container. Show Docker Hub. Red - fail to deploy as we have not created the infrastructure yet - let's do that next.
  • #52: Here we are building the first manager and passing in a user_data cloudinit file
  • #54: the cloud init sets up the swarm and saves the join tokens it also uses our docker-compose.yml file to deploy the stack
  • #55: For each of the other ‘secondary masters’ we use a different init file
  • #57: Copies the join tokens from the Primary master, and also copies the docker compose file. Then joins the swarm using the token. We now have 3 masters, all capable of being the Leader.
  • #58: terraform apply; ssh; docker node ls; visit IP and show load balancing
  • #61: Copying the worker tokens; scaling the nodes to the numbers of workers; forcing redistribution if scaling more than 1 at a time
  • #62: terraform apply
  • #65: Committing code to our PHP App and seeing it deployed; Load Balancing; Killing a container; Points about being Cloud Native - Database as a Service