SlideShare a Scribd company logo

Automate drupal deployments with linux containers, docker and vagrant

Ricardo Amaro
Ricardo Amaro

This document discusses strategies for automating Drupal deployments using Linux containers, Vagrant, and Docker. It begins with an overview of virtual machines and their disadvantages compared to containers. It then covers using Linux containers (LXC), Vagrant, and Docker to build and deploy containerized Drupal environments that can be easily reproduced and deployed across different systems. The document provides examples of building Drupal containers using LXC, Vagrant, and Docker that take advantage of their portability and reproducibility.

Related slideshows

Kubernetes and Cloud Native Update Q4 2018
Kubernetes and Cloud Native Update Q4 2018Kubernetes and Cloud Native Update Q4 2018
Kubernetes and Cloud Native Update Q4 2018
 
Hadoop Cluster on Docker Containers
Hadoop Cluster on Docker ContainersHadoop Cluster on Docker Containers
Hadoop Cluster on Docker Containers
 
YARN and the Docker container runtime
YARN and the Docker container runtimeYARN and the Docker container runtime
YARN and the Docker container runtime
 
1 of 43
Download to read offline
Automate Drupal deployments with Linux Containers, Vagrant and Docker An overview of deployment strategies @ricardoamaro
Free/Opensource software lover Senior Cloud Engineer @Acquia Drupal.org infrastructure/devops Drupalist & Linux enthusiast Father, artist, community facilitator @ricardoamaro About me
Vicente e Dália About us
1. The sad VirtualMachine story 2. Containers and non-containers 3. Drupal on LXC 4. How to Puppetize a container 5. Docker & LXC 6. Shipping containers with Drupal today’s agenda
Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources. What is virtualization?
Cloud infrastructure providers like Amazon Web Service sell virtual machines. EC2 revenue is expected to surpass $1B in revenue this year. That's a lot of VMs… Why should i care? Increase + efficiency + availability + security Reduce - costs - hardware - energy
Virtual Machine platforms
➢ We are also paying for lot of avoidable overhead. ➢ The Virtual Machine is a full-blown operating system image. ➢ This is a heavyweight solution to run applications in the cloud. The sad Virtual Machine story...
What is the solution?
Containers used to be terrible, but not anymoreContainers used to be terrible, but not anymore A new concept, a new hope
Because LXC is ready to roll!
On any recent Linux Kernel near you!
Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud Virtual Machines vs Containers Virtualization and paravirtualization require a full operating system image for each instance.
Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud Virtual Machines vs Containers Containers can share a single Linux Kernel and, optionally, other binary and library resources.
The time to provision Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
mount /dev/sda /target chroot /target but that had no resource and security isolation goals for multi-tenant designs... From the simple concept of “chroot” source: http://openvz.org
Cpu Devices Processes Memory Disk space Network Whatifyoucouldcontrol...
Openvz & LXC Need control over specific host resources cgroups Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour. ~$ ls /sys/fs/cgroup blkio cpu cpuacct cpuset devices freezer hugetlb memory perf_event example: lxc-cgroup -n foo cpuset.cpus "0,3" Containers & Cgroups https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
ricardo@ricardo-box:~$ sudo lxc-checkconfig Kernel configuration not found at /proc/config.gz; searching... Kernel configuration found at /boot/config-3.8.0-26-generic --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: missing Network namespace: enabled Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup clone_children flag: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled Macvlan: enabled Vlan: enabled File capabilities: enabled Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig LXC on Ubuntu
Since Ubuntu 12.04, containers are constrained by apparmor by default - /usr/bin/lxc-start is automatically transitioned to its own profile, where it is only allowed to mount into the container’s tree. - The default policy attempts to protect the host from accidental container abuses – such as writing to /proc/sysrq- trigger and /proc/mem, - Each container configuration can specify a custom profile. On Ubuntu 13.04 - We are able to exploit user namespaces and support stacked apparmor profiles - Apport hooks for better debug support, - Greater scriptability by providing a liblxc api. By 14.04 User namespace should support container use by unprivileged users. Other resources: http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html https://wiki.ubuntu.com/LxcSecurity http://wiki.ubuntu.com/UserNamespace LXC Security with Apparmor
Wait… I don’t have to use heavy virtualboxes? Let’s start with Vagrant and puppetize it! You just need that guy
You will get: 1. Drupal (latest version) 2. Nginx 3. Php + php-fpm 4. Mysql 5. Phpmyadmin 6. xhprof 7. xdebug 8. composer https://github.com/ricardoamaro/drupal-lxc-vagrant-docker My contribution to Drupal Containers
Install latest Vagrant from: http://downloads.vagrantup.com/tags/v1.2.7 or later. Install lxc + redir. sudo dpkg -i vagrant_1.2.7_x86_64.deb sudo apt-get install lxc redir Vagrant LXC (demo) - Install
Get the code from: https://github.com/ricardoamaro/drupal-lxc-vagrant-docker git clone git@github.com:ricardoamaro/drupal-lxc-vagrant-docker. git cd ~/drupal-lxc-vagrant-docker 1 - Clone the code
vagrant plugin install vagrant-lxc vagrant up --provider=lxc sudo lxc-ls --fancy # redirect port 80 to the host sudo redir --lport=80 --cport=80 --caddr={container ip} & # and/or edit the /etc/hosts file with: ${IP} drupal phpmyadmin xhprof 2 - Get the plugin & deploy
Now… I have to buildthis every time?
Automate drupal deployments with linux containers, docker and vagrant
use Docker
Docker Who??
this Docker and ship them has containers
Ship containers? Build Once, Run Anywhere
Install docker: sudo apt-get -y install docker curl get.docker.io | sudo sh -x Import container to docker: sudo tar -C /var/lib/lxc/{container name}/rootfs/ -c . | sudo docker import - dev/drupal Start docker: sudo docker run -i -t -p :80 dev/drupal /bin/bash The image is already pushed to https://index.docker.io, and can be pulled using: sudo docker pull ricardoamaro/drupal You can ship your image into a Docker container
https://github.com/ricardoamaro/docker-drupal https://github.com/ricardoamaro/docker-drupal-nginx Or... build it the Docker way:
Automate drupal deployments with linux containers, docker and vagrant
the Commands: attach Attach to a running container commit Create a new image from a container's changes diff Inspect changes on a container's filesystem export Stream the contents of a container as a tar archive history Show the history of an image images List images import Create a new filesystem image from the contents of a tarball info Display system-wide information inspect Return low-level information on a container kill Kill a running container login Register or Login to the docker registry server logs Fetch the logs of a container port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT ps List containers pull Pull an image or a repository to the docker registry server push Push an image or a repository to the docker registry server restart Restart a running container rm Remove a container rmi Remove an image run Run a command in a new container start Start a stopped container stop Stop a running container tag Tag an image into a repository version Show the docker version information wait Block until a container stops, then print its exit code The docker is awesome! the Api http://docs.docker.io/en/latest/api/registry_index_spec/ the Registry http://docs.docker.io/en/latest/api/index_api/
Docker on Docker (v0.6)
Container layers to be used for hosting applications Continuous Deployments & Development
Changes to the container can be committed to the central index or rolled back Just commit the good apples
Openstack and Docker... The future has a bonus extra: http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/ https://wiki.openstack.org/wiki/Docker
“Nova is intended to be modular and easy to extend and adapt. It supports many different hypervisors (KVM and Xen to name a few), different database backends (SQLite, MySQL, and PostgreSQL, for instance), different types of user databases (LDAP or SQL), etc.” And it supports Docker containers! This project is open-source and available at: https://github.com/dotcloud/openstack-docker. ...with the Nova driver
Develop the box in layers Use only one Linux Kernel Deploy quickly Build Once, Run Anywhere Awesomeness!
@ricardoamaro Questions? Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link
THANK YOU! @ricardoamaro Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link

More Related Content

Automate drupal deployments with linux containers, docker and vagrant

  • 1. Automate Drupal deployments with Linux Containers, Vagrant and Docker An overview of deployment strategies @ricardoamaro
  • 2. Free/Opensource software lover Senior Cloud Engineer @Acquia Drupal.org infrastructure/devops Drupalist & Linux enthusiast Father, artist, community facilitator @ricardoamaro About me
  • 4. 1. The sad VirtualMachine story 2. Containers and non-containers 3. Drupal on LXC 4. How to Puppetize a container 5. Docker & LXC 6. Shipping containers with Drupal today’s agenda
  • 5. Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources. What is virtualization?
  • 6. Cloud infrastructure providers like Amazon Web Service sell virtual machines. EC2 revenue is expected to surpass $1B in revenue this year. That's a lot of VMs… Why should i care? Increase + efficiency + availability + security Reduce - costs - hardware - energy
  • 8. ➢ We are also paying for lot of avoidable overhead. ➢ The Virtual Machine is a full-blown operating system image. ➢ This is a heavyweight solution to run applications in the cloud. The sad Virtual Machine story...
  • 9. What is the solution?
  • 10. Containers used to be terrible, but not anymoreContainers used to be terrible, but not anymore A new concept, a new hope
  • 11. Because LXC is ready to roll!
  • 12. On any recent Linux Kernel near you!
  • 13. Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud Virtual Machines vs Containers Virtualization and paravirtualization require a full operating system image for each instance.
  • 14. Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud Virtual Machines vs Containers Containers can share a single Linux Kernel and, optionally, other binary and library resources.
  • 15. The time to provision Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  • 16. mount /dev/sda /target chroot /target but that had no resource and security isolation goals for multi-tenant designs... From the simple concept of “chroot” source: http://openvz.org
  • 18. Openvz & LXC Need control over specific host resources cgroups Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour. ~$ ls /sys/fs/cgroup blkio cpu cpuacct cpuset devices freezer hugetlb memory perf_event example: lxc-cgroup -n foo cpuset.cpus "0,3" Containers & Cgroups https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
  • 19. ricardo@ricardo-box:~$ sudo lxc-checkconfig Kernel configuration not found at /proc/config.gz; searching... Kernel configuration found at /boot/config-3.8.0-26-generic --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: missing Network namespace: enabled Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup clone_children flag: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled Macvlan: enabled Vlan: enabled File capabilities: enabled Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig LXC on Ubuntu
  • 20. Since Ubuntu 12.04, containers are constrained by apparmor by default - /usr/bin/lxc-start is automatically transitioned to its own profile, where it is only allowed to mount into the container’s tree. - The default policy attempts to protect the host from accidental container abuses – such as writing to /proc/sysrq- trigger and /proc/mem, - Each container configuration can specify a custom profile. On Ubuntu 13.04 - We are able to exploit user namespaces and support stacked apparmor profiles - Apport hooks for better debug support, - Greater scriptability by providing a liblxc api. By 14.04 User namespace should support container use by unprivileged users. Other resources: http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html https://wiki.ubuntu.com/LxcSecurity http://wiki.ubuntu.com/UserNamespace LXC Security with Apparmor
  • 21. Wait… I don’t have to use heavy virtualboxes? Let’s start with Vagrant and puppetize it! You just need that guy
  • 22. You will get: 1. Drupal (latest version) 2. Nginx 3. Php + php-fpm 4. Mysql 5. Phpmyadmin 6. xhprof 7. xdebug 8. composer https://github.com/ricardoamaro/drupal-lxc-vagrant-docker My contribution to Drupal Containers
  • 23. Install latest Vagrant from: http://downloads.vagrantup.com/tags/v1.2.7 or later. Install lxc + redir. sudo dpkg -i vagrant_1.2.7_x86_64.deb sudo apt-get install lxc redir Vagrant LXC (demo) - Install
  • 24. Get the code from: https://github.com/ricardoamaro/drupal-lxc-vagrant-docker git clone git@github.com:ricardoamaro/drupal-lxc-vagrant-docker. git cd ~/drupal-lxc-vagrant-docker 1 - Clone the code
  • 25. vagrant plugin install vagrant-lxc vagrant up --provider=lxc sudo lxc-ls --fancy # redirect port 80 to the host sudo redir --lport=80 --cport=80 --caddr={container ip} & # and/or edit the /etc/hosts file with: ${IP} drupal phpmyadmin xhprof 2 - Get the plugin & deploy
  • 30. this Docker and ship them has containers
  • 31. Ship containers? Build Once, Run Anywhere
  • 32. Install docker: sudo apt-get -y install docker curl get.docker.io | sudo sh -x Import container to docker: sudo tar -C /var/lib/lxc/{container name}/rootfs/ -c . | sudo docker import - dev/drupal Start docker: sudo docker run -i -t -p :80 dev/drupal /bin/bash The image is already pushed to https://index.docker.io, and can be pulled using: sudo docker pull ricardoamaro/drupal You can ship your image into a Docker container
  • 35. the Commands: attach Attach to a running container commit Create a new image from a container's changes diff Inspect changes on a container's filesystem export Stream the contents of a container as a tar archive history Show the history of an image images List images import Create a new filesystem image from the contents of a tarball info Display system-wide information inspect Return low-level information on a container kill Kill a running container login Register or Login to the docker registry server logs Fetch the logs of a container port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT ps List containers pull Pull an image or a repository to the docker registry server push Push an image or a repository to the docker registry server restart Restart a running container rm Remove a container rmi Remove an image run Run a command in a new container start Start a stopped container stop Stop a running container tag Tag an image into a repository version Show the docker version information wait Block until a container stops, then print its exit code The docker is awesome! the Api http://docs.docker.io/en/latest/api/registry_index_spec/ the Registry http://docs.docker.io/en/latest/api/index_api/
  • 37. Container layers to be used for hosting applications Continuous Deployments & Development
  • 38. Changes to the container can be committed to the central index or rolled back Just commit the good apples
  • 39. Openstack and Docker... The future has a bonus extra: http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/ https://wiki.openstack.org/wiki/Docker
  • 40. “Nova is intended to be modular and easy to extend and adapt. It supports many different hypervisors (KVM and Xen to name a few), different database backends (SQLite, MySQL, and PostgreSQL, for instance), different types of user databases (LDAP or SQL), etc.” And it supports Docker containers! This project is open-source and available at: https://github.com/dotcloud/openstack-docker. ...with the Nova driver
  • 41. Develop the box in layers Use only one Linux Kernel Deploy quickly Build Once, Run Anywhere Awesomeness!
  • 42. @ricardoamaro Questions? Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link
  • 43. THANK YOU! @ricardoamaro Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link