Archive for the ‘Technology’ Category

Book Review: Docker in Production

Thursday, October 29th, 2015

I picked up a copy of Docker in Production – Lessons from the Trenches during a recent O’Reilly sale, hoping to pick up some tips to pass on to customers that I work with. I have to say that I was disappointed! It’s not that the book isn’t full of useful information. It is. After a good start, it just failed to deliver on the title for me.

After covering the basics and the likely areas of concern, it introduces an example with the wise words that not everyone is looking to deploy a platform for running tens of thousands of containers and that even small deployments can benefit from their use. The example describes a simple environment using systemd to stand up a static topology with the ability to provide environment specific configuration. Just the sort of concrete material I was hoping for.

The next couple of chapters provided further examples from a second company: one using a simple scripted approach and another using AWS Beanstalk. So far, so good. At this point the book changed tack though and switched to covering different subject areas such as security, building and storing images, configuration management, networking, scheduling, service discovery, and concluding with logging and monitoring. Although, as I say, there was lots of good information scattered throughout, these chapters somehow felt like they were just giving an overview of the current state of the Docker ecosystem without giving much in the way of guidance as to how to select from the myriad of options to create a production-ready solution.

Perhaps I’m being unfair and this is simply a reflection on the current state of play. Whilst the Docker feature set is still being fleshed out there are still many compromises to be made and over time we may see more repeatable deployment patterns emerging. The fact that much of the material in the book was not new to me is probably a reflection of the efforts I am taking to keep up with what is a rapidly transforming area.

One final thought: it will be interesting to contrast this book with the free eBooks series that The New Stack has just begun. The first book, entitled “The Docker and Container Ecosystem”, includes some interesting metrics to suggest who are the main players. The catalogue of services and projects that form the second half of the book is truly eye-watering and whilst it can be seen as an indicator of vibrancy, it does indicate a real need to be able to provide guidance to those who do not have the time or inclination to immerse themselves in this world.

Container Camp LDN 2015

Sunday, September 13th, 2015

On Friday I made my way up to the Barbican Centre for this year’s edition of Container Camp London. After a slow start (no-one seemed to know that we were supposed to descend five floors to the cinema in the bowels of the building) things finally got under way. Here’s a quick summary of the day’s sessions:

  • Bryan Cantrill, CTO at Joyent, kicked off the day with an animated romp through the history of containers ending with the view that containers deserve better than to be run in virtual machines and, perhaps not surprisingly, Joyent’s Triton project gives you the ability to turn the bare metal in your datacenter into one large virtualized container host.
  • Next up (after another hiatus to sort out projector woes) was Shannon Williams, co-founder of Rancher Labs. He talked about what you should be looking for in a private container service which again, not surprisingly, read much like a feature list for Rancher.
  • Lack of network connectivity was the next issue which saw Bryan Boreham from Weaveworks take to the stage. Bryan gave a technical presentation describing why consensus (as used by Consul or etcd) may be overkill and why Weave uses conflict-free replicated data types (CRDT) for service discovery and IP address management.
  • Mandy Waite from Google gave an introduction to Kubernetes – nothing new there.
  • Stephane Graber, who is the project lead for LXD at Canonical, gave a nice demo of some of the capabilities of LXD. He stressed that LXD is aimed at system (i.e. whole OS) containers rather than application containers, suggesting, for example, that you might run Kubernetes under LXD. He failed, however, to explain what features differentiated it in this respect.
  • There was a selection of lightning talks over lunchtime, most of which now escape me. Ben Corrie from VMware spoke about Project Bonneville, demonstrating vSphere as a container host. Liz Rice would have demonstrated the real-time scaling of force12.io if she’d been able to connect to the screen.
  • After lunch, Arjan Schaaf from Luminis illustrated that, as always, you should performance test. In this case, to understand the inter-container networking characteristics of your IaaS and SDN.
  • Alissa Bonas from Red Hat demonstrated the OpenShift/Kubernetes integration in ManageIQ that allows you to drill down from a container view of the world into the underlying infrastructure (virtual or physical).
  • Miek Gieben spoke about the dynamic, container-based infrastructure that powers Improbable.io based on CoreOS, fleet, etcd and DNS.
  • After yet another coffee break (cue trek back up five flights of stairs), Ben Hall gave an entertaining pitch on attempting to keep nefarious users at bay whilst giving them free rein over a Docker setup in his Scrapbook learning environment.
  • This was followed by Diogo Monica of Docker covering the Notary and the Trusted Update Framework as integrated with Docker 1.8. I was just glad that I had saved watching Docker Online Meetup #24 for the journey home as it was the same slide deck.
  • Perhaps the most impressive session of the day was by Loris Degioanni, CEO at Sysdig. He started by talking about monitoring through tools such as Google’s cAdvisor and Docker logs before giving a really powerful demonstration of the sort of information you could collate and navigate by inserting the sysdig kernel module on the Docker host.
  • Last up was Juan Batiz-Benet who, although his presentation was entitled ‘Containers at Hyperspeed’ was, I suspect, going a little too fast for most people to keep up! The net was though that we should all be using IPFS to shift images around so that deduplication doesn’t stop at container layers but goes down to the individual file level.

As you can probably tell from my comments, the conference could have been slicker but it was still well worth the trip up to London. I’d say I learnt less than last year but that’s more because my own level of understanding has moved on. I’d also suggest that this year there was more of a focus on ‘doing with Docker’ than simply on the technology itself which indicates an increase in the maturity of the ecosystem.

Docker is not Enough

Friday, June 19th, 2015

I headed up to the London PaaS User Group Meetup yesterday evening. There were two speakers on the agenda. First up was Jeff Hobbs, CTO & VP Engineering at ActiveState with a pitch entitled Docker is not Enough (pretty much this deck). The main tenet being that Docker is not enough in itself as it just addresses packaging and execution. You need a PaaS to provide all of those other niceties like load balancing, auto-scaling, monitoring, centralised logging, audit, … My main issue with this pitch was simply that I don’t think anyone has ever claimed that Docker is enough. That’s why there’s a wealth of ecosystem projects surrounding Docker. And why does stackato (ActiveState’s Cloud Foundry based PaaS) use Docker for containerisation? Jeff stated that this was because the ops team would feel more comfortable dealing with this technology on the back end.

Second up was a late breaking change: my colleague Julz Friedman had stepped in to give a re-run of his Building a Docker backend for Garden presentation from the Cloud Foundry Summit. It was perhaps no great surprise to discover that, when you swap in Docker behind the Garden API, you don’t really see any benefits over the existing implementation (and, indeed, there are significant disadvantages for a multi-tenant PaaS such as the current lack of user namespace support in Docker). The one potential benefit that Julz did highlight was an increase in security, given that there are more eyes on the Docker codebase than Garden.

So why do I make the five hour round-trip in to London for a couple of sessions that I could have got off the internet? Was it the free beer and pizza? Well, no, although welcome, I think the train fare would have more than covered those. It is, of course, to meet people and to hear the Q&A where perhaps much of the interesting information is exchanged (and I caught up on some reading on the train!). There was a lively debate on the relative merits of Docker. One point that Jeff and Julz agreed upon was that the use of Docker images was a retrograde step versus the application centric view of PaaS, letting things that should be the responsibility of ops (e.g. patching OS images) become a part of the developer’s domain (Jeff quoted a stat that some 70% of images on Docker Hub were subject to vulnerabilities).

Docker London

Thursday, January 8th, 2015

Anyone following the WASdev site may have noticed that I’ve been doing some work with WebSphere Liberty and Docker recently. I was therefore pleased to have successfully made it off the wait list in time to travel up to Docker London for my first meetup of the year on Tuesday evening.

The meeting was compèred by Ben Firshman from Docker and, after a mad scramble for the limited amount of pizza on offer for 200 people, the evening began with a short intro to SoftLayer who were sponsoring the venue. Andrew Martin from British Gas was the first of the main sessions, talking about Building and Testing Docker Containers as practised on their ‘connected boilers’ project. I’d seen Andrew speak at Container Camp at the same venue last year so I was glad that he’d included some new material, even if he did then have to race through it a bit. He’d probably have been fine just to cover building or testing rather than both.

Next up was Johan Euphrosine (aka proppy) from Google who demoed a few different ways to deploy Docker containers on Google Compute Engine. Hopefully there’ll be a recording of the event as, whether it was the strong French accent, or too much beer and not enough food, it was sometimes hard to keep up.

Last up was Dan Williams who provided an entertaining and enlightening presentation on what containers are really all about. It was just a shame that, in staying for his talk, we missed the last train before the Basingstoke-Winchester engineering works began and then a freight train broke down at Eastleigh. Suffice it to say that, despite a good evening, I would have preferred to get to bed slightly earlier than 1am!

Countdown Coding

Saturday, August 16th, 2014

I went along to the Southampton Code Dojo on Thursday evening. I think it’s safe to say I was amongst the older attendees (most appeared to be undergrads or postgrads at the Uni although there was one guy who was sufficiently young to need his Mum to accompany him!). A pre-event poll had settled on Java as the language (Python had been outlawed as too popular and I guess Java was the lowest common denominator after that). Following pizza and beer there was another poll to select the challenge: the Countdown numbers game, before being numbered off into groups. There were only three people in mine with one claiming no coding experience (despite being in the Computer Science department!). We spent far too long looking for an intelligent solution before doing the sums and deciding that brute force would suffice. My brain wasn’t entirely in gear (perhaps due to a day spent with the children?) and we didn’t manage to complete our solution before being timed out. We were in good company though with only one out of the six groups completing the exercise. It has reminded me that coding can actually be challenging in its own right (the challenge at work typically coming from legacy code, integration with other products, or simply politics).

Meetup Happy

Saturday, July 19th, 2014

I’ve gone a bit meetup happy in the past two weeks. Last week I headed along to the Pivotal offices in London for the first London Cloud Foundry User Group meetup organised by one-time colleague Duncan Winn. First to speak was another ex-Hursley employee, Glyn Normington. He gave a fascinating presentation into the work that he and his colleagues are doing to replace the backend of Cloud Foundry’s Warden container with libcontainer (now split out from Docker). More on this over on Glyn’s blog.

Next up was London based Tammer Saleh, Director of Products at Pivotal Cloud Foundry Services. You can see the recording of this session from the Cloud Foundry Summit where they talk about the different models for stacking server instances. Finally, James Watters (Vice President of Product, Marketing and Ecosystem for Cloud Foundry at Pivotal) talked about the roadmap for Cloud Foundry in 2014 (including what’s out of scope). See James Bayer’s session from the summit for similar information.

The next meetup was my first at Agile South Coast. If nothing else, this gave me an excuse to have a nose at the new(ish) Ordnance Survey offices! I can’t claim to have been welcomed with open arms to the group (no-one even commented on the fact that they hadn’t seen me there before) but that’s fine by me. Most notable to me though was the fact that I was the only one there who wasn’t a scrum master by profession. Have developers lost interest in agile?

As one would expect with this audience, it wasn’t long before the post-it notes were out and we were collaborating on choosing subjects to discuss. My heart sank when topics such as “should spikes be given points?” were selected but I was glad when the resounding response from the group seemed to be “it doesn’t really matter – whatever works for you”. Oh, and apparently PSM is more thorough than CSM but the latter gets more CV points! As I’m part way through reading Kanban in Action, the discussion on Scrum vs Agile in a BAU environment was interesting. I may yet make it to another of these meetups.

The American style pizza and good selection of beer certainly helped make the trip into town worthwhile although I’ll not mistakenly pick up the 7.2% Sierra Nevada Torpedo Extra IPA in future!

Lastly, I returned to Developer South Coast for a session entitled “NoSQL vs SQL… Fight!”. Actually, there wasn’t much of a fight to be had as the speaker (Tony Rogerson) is an SQL Server DBA. He gave a thorough although halting coverage of the theory behind relational and NoSQL databases, though, which sadly meant he ran out of time before reaching the potentially more interesting topic of NewSQL databases.

AWS Update

Monday, May 5th, 2014

At the end of April I went to the AWS Summit at ExCeL London, partly to keep up with the competition but largely because the attendees are a different crowd to those you get at your average IBM conference. I managed to miss most of the keynote, partly by design (no early start and an off-peak ticket) and partly due to someone driving into a level-crossing in Southampton! Having watched the video subsequently, I don’t think I missed a great deal. The only announcements from Amazon that piqued my interest were the arrival of Amazon WorkSpaces in Ireland and the availability of the Twitter stream in Amazon Kinesis.

In common with the rest of the day, it was the customer slots that were the most interesting. For example, SwiftKey talked about their use of Hadoop on AWS to crunch Wikipedia in other languages to build a starter set for their language models, through to CloudFront as the CDN for serving the final models up to their customers.

I had an interesting chat over lunch with someone who was actually an IBM customer and then wandered the expo watching demos by some of the likely suspects in the cloud deployment, management and monitoring space (Chef, Splunk, DataDog, …).

After lunch the breakout sessions began with six parallel tracks this year. I went to Deployment Done Right first, covering Elastic Beanstalk, OpsWorks and CloudFormation. The only new news for me was an aside that Beanstalk now supports Docker. It seems like pretty lame support for containerisation though as you appear to get an EC2 instance per image. The accompanying presentation from Sportpursuit.com was most notable for the long list of open source software in use (Nginx, PHP, Magento, Varnish, Redis, Memcached, Elasticsearch, Jenkins, Capistrano, Capify EC2, Boto, …).

Next up was Dynamic Content Acceleration covering the CloudFront CDN and Route 53 DNS with the aim of knocking a second off your response times. The customer this time was import.io which is an interesting site in its own right, providing the capability to turn websites into structured data (for free).

For the last session of the day I picked Scaling on AWS for the First 10 Million Users which did not, as you might expect, spend a lot of time on auto-scaling, but covered all aspects of application architecture that would contribute to scaling. The customer was the mobile taxi app firm Hailo who are pursuing a micro-services architecture. They are using containerisation (they didn’t specify which) and are apparently writing their own controller to manage the distribution of those containers across EC2 instances to balance workload.

Synchronised training

Friday, May 2nd, 2014

For the past couple of years, uploading my running training has been a bit of a faff. I like to use a desktop app (SportTracks) so that, whatever the changing fads online, I still have all of my data in one place. (It goes back to 2006 when I first got my Forerunner 305. Some day I may even import my old Polar Training Software data.) The desktop app also has some interesting plugins. One of these I used to push my training to dailymile for comparison with a few friends and colleagues and for the widget on this site. However, I’m also partial to a bit of segment stealing on Strava. Sadly no simple SportTracks plugin for Strava so that was a separate upload.

After a bit of search and experimentation, my new workflow is to upload to the SportTracks website which then syncs seamlessly (in both directions) to the desktop app. Then I’m using the excellent online tool Tapiriik to automatically synchronise the data from SportTracks to Strava.

On the plus side, this means I’m now only downloading once and it doesn’t have to be on the machine with SportTracks installed. Also, without really thinking about it, it means I now have 8 years’ worth of data synced back to Strava!

On the negative side, Tapiriik doesn’t support dailymile so that will have to go by the wayside, at least for now. That means you’ll see a slightly squished Strava widget in the sidebar of this site. The other major downside is cost. The SportTracks site has an annual subscription of $35. Whilst the site is nice and they are continually adding good features, if it weren’t for the sync with the desktop app I wouldn’t be forking out that money. We’ll see how things are going come renewal time. Automatic sync on Tapiriik also comes at a cost but a mere $2 pa for what is a very slick site and available as open source if you really wanted to host it yourself.

Now I just need to decide whether to add Garmin Uploader to my shopping list so that I don’t even need to turn on the Mac! (Works with my Nexus 7 but not my S2 unfortunately.)