Creating Developer-Friendly Containers
(with some help from chaperone)
garyw@blueseastech.com
http://garywiz.com
slideshare: http://goo.gl/7UmU5B
Hello
Background (the boring stuff)
Developer needs as we see it
Our solution (think of it as a case-study)
Q&A or whatever
We provide systems architecture and
engineering consulting to enterprise, small-
business development teams and start-ups.
Docker is transforming the way we think about
architecture and deployment.
This is how we’ve been helping clients
transition toward a robust container
environment…
Our Perspective
Micro-service
Applications
Legacy
Applications
Primordial
Applications
Enterprise
Architectures
Docker Adoption Focus
Managing and Deploying Containers
Solid Advice and Emerging Best Practices
Technologies / Techniques / Case-Studies
Best Practices for Application Developers
“One Process Per Container”
Advice new adopters discover online…
Futile attempts to split complex existing applications
into separate container processes.
Redesign of existing systems using Micro-Services
architecture.
Attempts to do self-scripted container startup without
DevOps skill-set.
Attempts to create a mini-VM environment with
Supervisor, S6, runit, or even systemd.
and rarely…
“Your architecture is really outdated.
Nobody builds new systems like this
anymore, and considering some of your
code is 5 to 10 years old, we suggest
you rebuild everything from the ground-
up.”
So, this message hasn’t been getting
through very well…
“Containers can save you time and
money…
You can have greater application
consistency and stability for existing
development while paving the way for a
transition to better architectures.”
This works better…
Docker is not designed
for developers.
Problem
Good Developers…
• Benefit from uninterrupted focus for their most
productive activities.
• Usually spend years mastering the language and
tools they use to achieve maximum productivity.
• Resist change because they know that goals will not
be met if they change toolsets without ample
consideration, or at the wrong time.
coders
Defining, managing, scheduling, deploying,
requirements changes, management changes,
technology changes, goal changes.
The most successful
strategies will
relieve pressure
rather than
add new skillsets
to the requirements.
Making things easier
means…
• A documented, well-managed non-root development
environment. Application code and related services
should never run as root.
• An environment where system services are properly
configured.
• Constraints to assure that application practices
which violate production requirements trigger errors.
How could we best assist
people at making the
transition?
We built a technology solution.
Goals
• Create a developer-friendly environment for people who spend
99% of their time coding applications.
• Assure developers can configure and develop their applications
without having to modify or understand container internals.
• “Scale down” necessary services like logging, cron, error
recovery, process management to assure all supporting services
present a properly-configured container environment.
• Create a consistent runtime model so that DevOps teams can
rely upon consistent requirements when developing, assembling,
testing and deploying applications using tools like compose, etc.
Existing process management
solutions are not designed with
containers in mind.
Problem
Chaperone
• Single PID 1 process that provides…
1. dependency-based startup, cron scheduling, script execution,
systemd notify protocol, orderly shutdown, zombie harvesting,
and…
2. syslog emulation, /dev/log capture and redirection
3. uid/gid mapping for attached storage
4. rich full-featured service, logging and environment configuration
• A general-purpose tool. Simple YAML configuration in a
single file, or can be as complex as desired.
• Open-source, well-documented.
chaperone-baseimage family
(at https://registry.hub.docker.com/repos/chapdev/)
• Collection of images which use Chaperone to establish
a robust development and deployment model.
• All images support three “personalities”:
• closed: applications and data reside inside the
container
• attached-data: applications and infrastructure reside
inside the container, data is external
• development: infrastructure is inside the container,
data and applications are external (usually in
developer’s home directory).
[Diagram: application components: Infrastructure, Apps and Configuration, Persistent Data]
Closed Model
Entire application exists
within the same container.
Ideal:
• when container data is truly
ephemeral.
• for “model” deployments or
demonstrations.
Closed Model
Entire application exists
within the same container.
docker run -i -t --rm -p 80:8080 -p 443:8443 \
  chapdev/chaperone-lemp /bin/bash
Jul 19 13:42:26 baccbaa91e5a chaperone[1]: system wll be killed when '/bin/bash' exits
runapps@baccbaa91e5a:/$ cps
USER PID PPID PGID VSZ RSS STAT COMMAND
root 1 0 1 69448 16532 Ss [chaperone] /bin/bash
runapps 55 1 55 426920 51240 Sl /usr/sbin/mysqld --defaults-file=/apps/etc/mysql/my
runapps 75 1 75 228956 5104 Ss php-fpm: master process (/apps/etc/php-fpm.conf)
runapps 76 75 75 228956 4524 S \_ php-fpm: pool www
runapps 77 75 75 228956 4516 S \_ php-fpm: pool www
runapps 83 1 83 82116 1368 Ss nginx: master process /usr/sbin/nginx -c /apps/var/e
runapps 84 83 83 82436 1660 S \_ nginx: worker process
runapps 85 83 83 82436 1660 S \_ nginx: worker process
runapps 86 83 83 82436 1660 S \_ nginx: worker process
runapps 87 83 83 82436 1660 S \_ nginx: worker process
runapps 88 1 88 21284 1988 S /bin/bash
runapps 91 88 91 21088 1544 S+ \_ /bin/bash /apps/bin/cps
runapps 92 91 91 18680 1280 R+ \_ ps --forest -weo …
runapps@baccbaa91e5a:/$
Processes run as…   In directory…   With data here…
“runapps”           /apps           /apps/var
[Diagram: Infrastructure, Apps and Configuration, Persistent Data]
Attached-Data Model
Data exists on attached
storage.
Ideal for most production
deployments.
Attached-Data Model
Data exists on attached
storage.
mkdir lemp-var
docker run -i -t --rm -v /home/garyw/lemp-var:/apps/var \
  -p 80:8080 -p 443:8443 \
  chapdev/chaperone-lemp --create garyw/1021:1021 \
  /bin/bash
Attached-Data Model
Data exists on attached
storage.
myuid=`id -u`
mygid=`id -g`
mkdir lemp-var
docker run -i -t --rm -v `pwd`/lemp-var:/apps/var \
  -p 80:8080 -p 443:8443 \
  chapdev/chaperone-lemp --create $USER/$myuid:$mygid \
  /bin/bash
Attached-Data Model
Data exists on attached
storage.
Jul 19 13:50:21 e75923c8b6b0 chaperone[1]: system wll be killed when '/bin/bash' exits
garyw@e75923c8b6b0:/$ cps
cps
USER PID PPID PGID VSZ RSS STAT COMMAND
root 1 0 1 69464 16544 Ss [chaperone] /bin/bash
garyw 77 1 77 426920 51148 Sl /usr/sbin/mysqld --defaults-file=/apps/etc/mysql/my.cnf -
garyw 97 1 97 228956 5104 Ss php-fpm: master process (/apps/etc/php-fpm.conf)
garyw 98 97 97 228956 4524 S \_ php-fpm: pool www
garyw 99 97 97 228956 4516 S \_ php-fpm: pool www
garyw 105 1 105 82116 1376 Ss nginx: master process /usr/sbin/nginx -c /apps/var/etc/ng
garyw 106 105 105 82436 1672 S \_ nginx: worker process
garyw 107 105 105 82436 1672 S \_ nginx: worker process
garyw 108 105 105 82436 1672 S \_ nginx: worker process
garyw 109 105 105 82436 1672 S \_ nginx: worker process
garyw 110 1 110 21280 1988 S /bin/bash
garyw 113 110 113 21088 1544 S+ \_ /bin/bash /apps/bin/cps
garyw 114 113 113 18680 1284 R+ \_ ps --forest -weo user,pid,ppid,pgid,vsz,…
garyw@e75923c8b6b0:/$
Processes run as…     In directory…   With data here…
--create-user user    /apps           mounted: /apps/var
[Diagram: Infrastructure, Apps and Configuration, Persistent Data]
Development Model
Only infrastructure resides
in container.
Ideal for:
• development
• rapid prototyping
• experimentation and exploring
Development Model
Only infrastructure resides
in container.
docker run -i --rm chapdev/chaperone-lemp --task get-chaplocal | sh
Step 1:
Extract ‘chaplocal’ utility
from the desired container
$ docker run -i --rm chapdev/chaperone-lemp --task get-chaplocal | sh
The 'chaplocal' script is ready to use. Here is the help you get if you type
./chaplocal
at the command line...
Usage: chaplocal [-d] local-apps-dir [image-name]
Runs the specified chaperone image and uses local-apps-dir for the apps
directory. Creates a script in local-apps-dir called run.sh so you can
run an interactive (default) or daemon instance.
Will run all container processes under the current user account with the
local drive mounted as a shared volume in the container.
If not specified, the the image 'chapdev/chaperone-lemp' will be used.
$
Development Model
Only infrastructure resides
in container.
Step 2:
Create and start a new
development directory
./chaplocal myappdir
./chaplocal myappdir
Extracting /apps default directory into /home/garyw/meetup/myappdir ...
You can customize the contents of /home/garyw/meetup/myappdir to tailor it for your application,
then use it as a template for your production image.
Executing run.sh within /home/garyw/meetup/myappdir ...
Port 8080 available at docker1:8080 ...
Port 8443 available at docker1:8443 ...
Jul 19 14:06:55 c8056b4d6b73 chaperone[1]: system wll be killed when '/bin/bash' exits
Now running inside container. Directory is: /home/garyw/meetup/myappdir
The default 'nginx' site is running at http://docker1:8080/
garyw@c8056b4d6b73:~/meetup/myappdir$
Processes run as…     In directory…               With data here…
--create-user user    mounted: /home/garyw/apps   mounted: /home/garyw/apps/var
Development Model
Only infrastructure resides
in container.
apps directory contents in developer’s home directory
garyw@c8056b4d6b73:~/meetup/myappdir$ ls -l
total 44
-rw-r--r-- 1 garyw garyw 328 Jul 19 14:06 bash.bashrc
drwxr-sr-x 2 garyw garyw 4096 Jul 19 13:24 bin
drwxr-sr-x 2 garyw garyw 4096 Jul 19 14:06 build
-rwxr-xr-x 1 garyw garyw 589 Jul 19 14:06 build.sh
drwxr-sr-x 2 garyw garyw 4096 Jul 19 13:24 chaperone.d
drwxr-sr-x 4 garyw garyw 4096 Jul 19 13:24 etc
-rw-r--r-- 1 garyw garyw 1016 Jun 10 03:53 README
-rwxr-xr-x 1 garyw garyw 1775 Jul 19 14:06 run.sh
drwxr-sr-x 2 garyw garyw 4096 Jul 19 13:24 startup.d
drwxr-sr-x 7 garyw garyw 4096 Jul 19 14:06 var
drwxr-sr-x 4 garyw garyw 4096 Jun 28 04:00 www
garyw@c8056b4d6b73:~/meetup/myappdir$ exit
Summary of container models supported by chaperone-baseimage and any derivatives

                Processes run as…              In directory…               With data here…
closed          “runapps”                      /apps                       /apps/var
attached data   externally-specified UID/GID   /apps                       /apps/var (attached)
developer       externally specified UID/GID   /home/xxx/apps (attached)   /home/xxx/apps/var (attached)
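The rule that application code and services never run as root, and the “Processes run as…” column summarized above, can be checked mechanically against a cps listing. The following shell function is an added example, not part of the original slides or of Chaperone; audit_ps_users, sample_clean and sample_bad are hypothetical names, the sample listing is constructed from the closed-model output shown earlier, and its last two lines are invented violations.

```shell
#!/bin/sh
# Added example (not from the slides or the Chaperone project).
#
# audit_ps_users EXPECTED_USER < listing
#   Reads a process listing in the column layout that cps prints in the
#   slides (USER PID PPID PGID VSZ RSS STAT COMMAND, header row first).
#   PID 1 is skipped because the listings in the slides show chaperone
#   itself running as root. Every other process must run as EXPECTED_USER:
#     root-process     a process other than PID 1 running as root
#     unexpected-user  a process running as some other account
#   Prints one line per violation; returns 0 if clean, 1 otherwise.
audit_ps_users() {
    awk -v want="$1" '
        $1 == "USER" && $2 == "PID" { next }   # header row
        NF < 8                      { next }   # not a process line
        $2 == 1                     { next }   # PID 1 (chaperone)
        $1 == "root"                { report("root-process");    next }
        $1 != want                  { report("unexpected-user"); next }

        function report(kind,    i, cmd) {
            cmd = $8                            # COMMAND starts at field 8
            for (i = 9; i <= NF; i++) cmd = cmd " " $i
            printf "%s user=%s pid=%s cmd=%s\n", kind, $1, $2, cmd
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: a trimmed copy of the closed-model listing.
sample_clean() {
    cat <<'EOF'
USER PID PPID PGID VSZ RSS STAT COMMAND
root 1 0 1 69448 16532 Ss [chaperone] /bin/bash
runapps 55 1 55 426920 51240 Sl /usr/sbin/mysqld --defaults-file=/apps/etc/mysql/my
runapps 75 1 75 228956 5104 Ss php-fpm: master process (/apps/etc/php-fpm.conf)
runapps 83 1 83 82116 1368 Ss nginx: master process /usr/sbin/nginx -c /apps/var/e
runapps 84 83 83 82436 1660 S \_ nginx: worker process
EOF
}

# Constructed sample: the clean listing plus two invented violations.
sample_bad() {
    sample_clean
    cat <<'EOF'
root 120 1 120 23660 1100 Ss /usr/sbin/cron -f
www-data 131 83 83 82436 1660 S \_ nginx: worker process
EOF
}

# Demo: audit the constructed listing against the closed-model account.
sample_bad | audit_ps_users runapps || echo "listing violates the non-root model"
```

For the attached-data and development models, pass the externally specified user name instead of runapps.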
The result…
• Developers have a single, consistent development
model where…
• They control, configure, and add all services and
applications they need under their own user account
in their own development directory, and…
• Resulting images can be run using all three models:
closed, attached-data, and for additional
development.
Resources
The Sample Application:
docker run -i -t --rm -p 80:8080 -p 443:8443 \
  chapdev/chaperone-lemp /bin/bash
Dockerfile Quick Start:
http://garywiz.github.io/chaperone/guide/chap-docker-simple.html
Image Family:
https://github.com/garywiz/chaperone-docker
Warning!
• In use in production, but just released this month as
open-source. Though well-tested and documented,
it is still a work in progress.
• Chaperone itself is platform neutral, but tools for
creating the development environment may need
minor tweaking for Kitematic or boot2docker
systems. Recommended environment is Linux host.
• Images have been tested under CentOS but there is
no CentOS base image yet (coming soon).
Q&A ++
me: http://garywiz.com
chaperone: https://github.com/garywiz/chaperone
documentation: http://garywiz.github.io/chaperone
chaperone-baseimage and friends:
https://github.com/garywiz/chaperone-docker
on Docker Hub:
https://registry.hub.docker.com/repos/chapdev/

Editor's Notes

  • #11: End with: “How can we overcome this? First, let’s consider developers themselves…”
  • #12: These are often at odds with the reality of organisations and businesses…
  • #16: End with: HOW?
  • #18: End with: “SO WE’LL QUICKLY SWITCH TO BEING TECHNICAL…”