
Docker interactive tutorial - dhrp
http://blog.docker.io/2013/08/introducing-an-interactive-docker-tutorial/
======
itry
I never understood what docker is or who is supposed to use it. Can somebody
enlighten me?

~~~
csears
Regarding who is supposed to use it... If you like deploying your apps to a
Platform-as-a-Service (PaaS) like Heroku, Google AppEngine, or DotCloud, but
wanted to run it on your own infrastructure, then Docker could be for you!

It's designed to be a key building block for anyone who wants to create their
own PaaS-like service or environment. Why would you need your own PaaS? You
might have unique security requirements forcing you to run an app in-house, or
you might not want to pay the high prices of a commercial PaaS if your app
gets popular.

~~~
tootie
So I'm used to configuring stuff by hand, and now I see a lot of buzz around
docker, vagrant, chef, puppet, salt and they seem like glorified shell
scripts. Am I missing something?

~~~
jpetazzo
It's basically what you get when you start your deployment toolchain as simple
shell scripts, then make them evolve, add features, and at some point, rewrite
from scratch with a "real" programming language. I don't know if that matches
your definition of "glorified" though :-)

~~~
tootie
I'm reading this python example
([http://docs.docker.io/en/latest/examples/python_web_app/](http://docs.docker.io/en/latest/examples/python_web_app/))
and it's a wrapper for running bash scripts with arcane syntax layered on top.

------
dhrp
The creator here. Please let me know if you have any questions or comments!

~~~
simonebrunozzi
Hi dhrp, I assume you work for Dotcloud?

Nice job so far. Where do you see this heading to? What's your view of what
will happen in the virtualization world?

Best,

~~~
dhrp
Hi. Thanks! My personal take on where Docker is heading to? There are so many
things people can do with this, it's hard to summarize.

What I personally care most about? As a designer ex-entrepreneur and front-end
developer, the thing that gets me going most is the idea that I'm able to
"just run" an application. No more difficult than from the Mac store. For
example Trac (a wiki system), Wordpress, Django apps, Mailservers, torrent-
servers. Basic stuff which just makes it easier for me to deploy my creations,
and those of others.

~~~
buster
Absolutely love docker, hope to see it mature even more :)

I am currently playing around with it and building a messaging platform
playground. One "pain" so far is that docker's IPAddress assignment is not
very flexible. Will it be possible to assign IP addresses to containers (e.g.
from "docker run")? Or have a better control what IPAddresses are used (like
giving a network range on docker -d)?

If i am not mistaken docker saves changes in containers through aufs and keeps
those changes as separate images on disk, right? I'm currently working with
containers which keep their state on the host OS (by mount bindings) and thus,
i don't want to keep old images of not-running containers. Will there be some
switch to disable that or clean up old ones? Maybe i am misinterpreting
something, but i'm new to docker ;)

Anyway, keep up the great work, i am very impressed with docker, kudos!!

~~~
tmzt
Currently using the unionize.sh script works very well for me.

[http://blog.docker.io/2013/04/unionize-network-
superpowers-f...](http://blog.docker.io/2013/04/unionize-network-superpowers-
for-your-docker-containers/)

You have to run ./unionize <bridge> <container sha1> <ip address> after
starting the container, but that brings up a new interface inside the
container with that IP and connects it to the bridge.

This is useful for having private IPs between containers of an application,
for accessing databases or similar.

~~~
buster
I was starting with unionize as well, but the fact is that docker looks up for
available IP adresses on its own. So you can give docker -d the -b parameter
and pass an existing bridge and it will go through that bridges IP space and
assign IP adresses already. Also that way the IP address shows in "docker
inspect" which it doesn't with unionize.sh (i think).

The problem here is that the built-in IP Address allocator is rather stupid
and doesn't even try to ping an address before assigning it. I got it to
interfere with my network heavily when it assigned my gateways IP Address to a
container ;)

It'd be nice if the whole IP Address allocation was more pluggable or
configurable. Right now it's some code deeply tied into the whole system (i
think) and i fear i don't have the Go skills to change that myself :(

(for example, i think i would have been able to write a little bit of Go to
assign IP Addresses the way i want to, if the system would be more pluggable)

------
zhemao
Haha, I had a good laugh upon hearing that Docker cannot run inside of itself.
Is this an LXC limitation? Clearly the solution was to run Docker inside of
KVM inside of Docker.

But seriously, nice job. I haven't used docker yet because I want to play
around with the standard lxc utilities first. But this is pretty awesome.

~~~
jpetazzo
Actually, I've ran Docker within QEMU within Docker (using v9fs so that QEMU
could use the container's FS as root FS). Works, but painfully slow and not
very resource-efficient :-)

~~~
shykes
I will add that Docker is getting an architecture upgrade, and in the future
will support nesting :)

------
limist
8 steps, 15-20 minutes, and you'll get an initial understanding of a much
better way to do devops/deployment, including scalability. Thanks Docker!

------
kinleyd
I've been playing a bit with Docker and found I couldn't get the kernel option
to work (the linux-aufs_friendly kernel just wouldn't work on my Arch setup).
However, that forced me to the option of using vagrant to set up a vm with
docker configured and I found that great - I recommend this option over
playing with your kernel.

I'm a long time virtualbox user but had never played with headless vms and
never realized how easy that is with vagrant. Additionally, using vagrant to
get a coreos vm running, with docker all set up, was pretty cool. So far I'm
finding the payload of the vms rather heavy (with the os overhead), but I
haven't really got down to setting up individual docker app containers. I'm
looking forward to that, and even more to what could lie ahead for this space:
vagrant, coreos, docker, chef/puppet all look to making a very promising
convergence.

~~~
mateuszf
Probably it won't help you, but Docker is working on my Arch with linux-
aufs_friendly kernel.

~~~
kinleyd
I suspect it must have something to do with my set up. My first suspicion was
my nvidia drivers (304xx) but I recall not even being able to boot in console
mode. I'll give it another shot later but for the moment vagrant's doing a
fine job putting it all together.

------
agumonkey
Enjoyed it, more would be welcome, only if you have more time to give of
course.

ps: especially on committing and layering.

~~~
dhrp
Yeah. The committing and layering stuff is not the easiest to grasp. There is
actually a section on the docs that does a decent job explaining these
concepts but it is a bit hidden:
[http://docs.docker.io/en/latest/terms/](http://docs.docker.io/en/latest/terms/)

------
kclay
Well thanks I plan on using docker to deploy a jvm app soon, this should help.

~~~
tmzt
This should help a bit more with your specific case:

[http://blogs.atlassian.com/2013/06/deploy-java-apps-with-
doc...](http://blogs.atlassian.com/2013/06/deploy-java-apps-with-docker-
awesome/)

------
seiji
Why is the docker hype machine cranked up to 11?

~~~
shykes
Hi seiji, I'm the author of Docker.

There is hype around docker, for sure. The optimist in me likes to think that
it's because people find the project useful and are excited about the
possibilities of containers in general - which I believe are huge.

Me and the dotCloud team have been working on container technology since 2008.
For a long time it felt like preaching in the desert - mostly because it
required exotic patches to the kernel which made widespread adoption
difficult. So it's very rewarding to see more people adopt containers, and of
course it's great to be on the right side of the hype for a change. But if we
hadn't been at the right place at the right time, someone else would have done
it instead. Containers are just too important and useful to _not_ blow up.

~~~
e12e
Could you share some thoughts (or links) on the differences between LXC and
linux-vserver? I played a little bit with that, and it seemed to promise "true
jails" for Linux -- and LXC seems to be a natural successor -- any comment of
what we've gained/lost from the "transition"?

I'd also love to hear what people think about the relationship between
freebsd+jails, solaris+zones and Linux+LXC/docker and/or if it would make
sense to modularize the back-end so that "docker" (as in the daemon/management
tools) would work for maintaining jails and/or zones as well?

It'd be fun to be able to run docker+LXC under GNU Debian/Linux, and
docker+jails under GNU Debian/kFreebsd (and ditto for the Debian-like/Ubunut-
based solaris distros)... Maybe not _useful_ , but interesting...

~~~
shykes
> _Could you share some thoughts (or links) on the differences between LXC and
> linux-vserver?_

vserver, lxc and openvz were 3 competing projects to add process-level
isolation to the linux kernel. We used all 3 of them extensively (the ancestor
of docker was based on vserver, then ported to openvz, then finally to lxc).
They all had pros and cons, but in the end the only meaningful difference is
that lxc got merged upstream, and the others didn't.

> _would make sense to modularize the back-end so that "docker" (as in the
> daemon/management tools) would work for maintaining jails and/or zones as
> well?_

Absolutely. That is the goal, and starting with 0.8 Docker's architecture will
be modular enough to support it.

See this blog post for details: [http://blog.docker.io/2013/08/getting-to-
docker-1-0/](http://blog.docker.io/2013/08/getting-to-docker-1-0/)

