Editor's note: These days, any mention of Docker in the industry inevitably brings up Kubernetes and Mesos, and then rewriting Kubernetes or Mesos, optimizing the Ubuntu kernel, and so on. As a resource-constrained user, I can only say that I can't afford that. I just like to keep things simple and get the work done with minimal effort. Simple and crude, and there is nothing wrong with that.
By "alternative" I mean that I use Docker's native functionality, which is basically enough for us. It also saves a lot of development and maintenance work.
1. Minimal use of Docker: maximum resource utilization and minute-level service switchover.
These days, any mention of Docker in the industry inevitably brings up Kubernetes and Mesos, and then rewriting Kubernetes or Mesos, optimizing the Ubuntu kernel, and so on. As a resource-constrained user, I can only say that I can't afford that. So are those really needed? What about the tools that Docker itself comes with?
In fact, we are often in a state of excess consumption and excess demand. A lot of demand is pseudo-demand, and there is no need to do everything to 100%. The resources required to reach 100% are dozens of times more than those needed for 70%. The goal of using tools is to solve problems with minimal input. Simple and crude, and there is nothing wrong with that.
First, we used Docker to solve the problems of service stability and resource shortage. Many of the existing critical (non-production) systems were running on old servers that could die at any moment. Many systems ran on VMs whose hosts were short on resources. A VM might suddenly blow up, or the host itself might go down and fail to start again. And if you wanted to bring in new systems, the cabinets had no room. Therefore, to ensure the stability and efficiency of these systems, we decided to migrate them to Docker.
Install Docker on a new batch of machines and set up a swarm cluster first. Each service is then built into an image and uploaded to the Docker Hub on the cluster. All service ports are fixed and manually staggered. All networking uses host mode. All data is mounted from external storage. It's that simple and crude.
Then start all the services on the swarm, letting placement follow the load rather than manually specifying machines. After everything has started, the IPs and ports are filled into DNS and nginx, and other people can access each service through its domain name. If a service hangs, restart it and then modify the corresponding DNS and nginx entries. If the service code changes, Jenkins compiles a new version of the image and pushes it to the Docker Hub. Stopping the service, pulling the image, restarting, and modifying DNS can all be done through scripting.
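The hand-staggered host-mode ports and the nginx forwarding described above, as an added example that is not part of the original article. The service names, domains, IPs, ports and function names are constructed for illustration.

```python
# Added example: validate staggered host-mode ports, then render nginx routing.
from collections import defaultdict

# Constructed inventory: where each service is currently running.
# Under host networking the container binds the node's own IP and port.
INVENTORY = [
    {"name": "jira", "domain": "jira.example.internal", "node_ip": "10.0.0.11", "port": 8080},
    {"name": "wiki", "domain": "wiki.example.internal", "node_ip": "10.0.0.12", "port": 8090},
    {"name": "jenkins", "domain": "jenkins.example.internal", "node_ip": "10.0.0.11", "port": 8100},
]


def find_port_collisions(inventory):
    """Return {port: [service names]} for ports claimed by more than one service.

    Placement is left to the scheduler, so any two services may land on the
    same node; ports therefore have to be unique across the whole cluster.
    """
    by_port = defaultdict(list)
    for svc in inventory:
        if not 1 <= svc["port"] <= 65535:
            raise ValueError(f"{svc['name']}: invalid port {svc['port']}")
        by_port[svc["port"]].append(svc["name"])
    return {p: names for p, names in by_port.items() if len(names) > 1}


def render_nginx(inventory):
    """Render one nginx server block per service, refusing on collisions."""
    collisions = find_port_collisions(inventory)
    if collisions:
        raise ValueError(f"port collisions: {collisions}")
    blocks = []
    for svc in sorted(inventory, key=lambda s: s["domain"]):
        blocks.append(
            "server {\n"
            "    listen 80;\n"
            f"    server_name {svc['domain']};\n"
            "    location / {\n"
            f"        proxy_pass http://{svc['node_ip']}:{svc['port']};\n"
            "    }\n"
            "}\n"
        )
    return "\n".join(blocks)


if __name__ == "__main__":
    print(render_nginx(INVENTORY))
```

When a service is restarted on another node, updating its `node_ip` in the inventory and re-rendering gives the nginx change that the restart script has to apply.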
The next step is to add our self-developed agent to all the images to provide service monitoring and service self-discovery. With that in place, the setup can basically be used for a while without further tinkering.
The disadvantage of this scheme is that for licensed software such as Jira, you must manually re-obtain the machine information and then reapply for the license. But in normal service that is only about once a year, so it doesn't matter. System monitoring is done through Zabbix and our own agent, which also meets daily monitoring needs.
Setting up this whole environment took 2 people two weeks to bring online.
2. Planning a Docker-based medium-sized test environment: network isolation between environments and continuous integration.
Because we are a financial company, there are currently no plans to run the production system on Docker. In a test environment, however, Docker can still be used.
Because multiple test environments need to be isolated from each other, and services are generally deployed on port 80, this is a bit more advanced than the previous usage. We use Contiv for VLAN isolation, so each environment is isolated from the others. IPs are also assigned automatically, with no need to manage them ourselves. After a service starts, it reports its own information and updates the DNS and nginx entries, so it can be accessed internally and externally.
With a separate Jenkins built for each test environment, the corresponding image can be created and deployed to the corresponding test environment. The disadvantage is that environments cannot be built and destroyed on demand; that would also require a lot of development work. Dynamic scaling of Docker as a whole is not under consideration either. After all, the scale is small, and 5 or 6 pre-divided test environments are enough.
This allows the entire CI to be built into the test environment.
Q&A
Q: How long does it take to start looking at Docker to finish the environment?
A: The earlier research and selection took 2 months, followed by 1 month of building the foundation. What takes the longest is Dockerizing the old services, which has not been completed yet because of too much technical debt.
Q: Can you tell me why the production environment does not use Docker, and which characteristics of a financial company are behind this?
A: Because financial firms have very high requirements for stability, and they are also insensitive to the number of production servers and the idle rate. So the cutover to new technologies like Docker will not happen that quickly. At the same time, the learning curve for the operations team, technical reserves, and so on are obstacles. So for now many banks are only starting to try Docker on peripheral, non-critical systems that change frequently.
Q: I would like to know about the integration process.
A: The CI process is similar to a normal CI. A code change triggers Jenkins; Jenkins compiles, packages, and produces a new container version of the corresponding release unit. The corresponding script is then triggered to stop the service, pull the image, and start the container.
Q: Why not consider running a private cloud platform?
A: Because of resource constraints; both hardware and manpower are insufficient. In addition, with only dozens of servers it is not necessary. With hundreds of machines, resource scheduling and other factors should be considered.
Q: What tools do you use for container orchestration and management?
A: We only use native swarm. That way we do not have to deal with secondary development of open source software or tool version compatibility issues.
Q: How do you get the host to mount storage and have the containers run on that storage?
A: The container itself is on the disk of the Docker host, but other data, for example the configuration files, is mounted from the SAN into the container. This ensures that if the Docker host goes down, the container can be restarted and recovered on other hosts.
Q: How is the IP assigned?
A: Contiv will assign IPs for you, without your having to manage them yourself.
Q: Why put Jira on Docker as well?
A: Because of insufficient resources, there is no powerful host to run Jira on, and no way to do a master setup. So we simply put these important systems in containers. This makes it possible to use fewer hosts while ensuring performance and availability.
Q: Do the images carry environment variable properties?
A: It depends. The images we run for automated testing have environment variable attributes, because there are many variable parameters.
Q: "If the service hangs, restart the service, and then modify DNS and Nginx." Question 1: If the service hangs, can swarm be responsible for restarting it? Question 2: Why do DNS and Nginx need to be changed after a restart? Swarm's ingress network can route from any node to the corresponding container.
A: If the image goes down, swarm will handle it. But if the service is merely unavailable, swarm is not aware of it. That is when service monitoring has to trigger a restart. Because services also have the port issue, nginx forwards to the real service port. DNS basically points at nginx; if nginx goes down, DNS has to be re-pointed.
Q: Is the application Java based, and how are the configuration files handled per environment?
A: Most of them are Java and Python. We have developed a configuration file management system, and the names in the configuration files follow a naming convention, so in most cases moving from one environment to another is handled by automatic modification.
Q: How do you do isolated testing of multiple release environments?
A: We have no such demand at the moment. The test environment is basically aligned with production. In special cases, a specific code version is chosen on Jenkins for deployment. So different kinds of code can be deployed in different environments.
Q: Is nginx configured with the container IP or the physical machine IP?
A: nginx is exposed on port 80 on the container host.
Q: Is the configuration file for different environments replaced at the image level or at the container level?
A: It's at the container level. There is an agent on each container that is responsible for pulling the configuration file.
The above content is compiled from the group sharing session held on the evening of June 20, 2017.
Speaker: Sucarti, Sheng quality Process Center Manager. Nearly 20 years of hard-won experience in the communications and Internet industries, having held almost every post in the R&D system, from junior coder to management. Among the first batch in China to obtain the Exin DevOps Master certification. DockOne organizes weekly technology sharing sessions; interested readers are welcome to add LIYINGJIESA to join the group, and can leave a message with topics they would like to hear or share.