Docker and the Univention App Center


Published on January 25, 2016

Author: Univention


1. Docker and the Univention App Center
   Dr. Alexander Klaser, klaeser@univention.de, Open Source Software Engineer
   Univention Summit: be open. BUILD SUCCESS

2. Outline
   - Our goal
   - What do we do?
   - Containerization
   - Our way towards Docker

4. What is our goal?
   - Allow to combine IT technologies in an easy manner
   - Openness
   - Freedom of choice
   - Competition & innovation
   - Good solutions
   - Clients can have control over their IT infrastructure

7. Common features of UCS
   - Management of (heterogeneous) IT infrastructure
   - Single point of administration
   - UCS on-premises & in the cloud & hybrid
   - UCS as member or replacement of existing Microsoft domain

8. How UCS helps ISVs and CSPs
   [Diagram; legible labels: Cloud Service Provider, Software Vendors, UCS]

9. UCS as platform for 3rd party software
   - Think of UCS as Android for servers
   - Management via App Center & simple installation
   - Integration into existing (hybrid) IT infrastructure
   - Integration into UCS web interface
   - Ecosystem of different solutions
   - Reporting tools for billing

10. [Screenshot: Univention Management Console on master40.demo.univention.de, App Center module listing available apps, among them agorum core Pro, Asterisk4UCS, Bacula Enterprise Edition, Icinga, ownCloud 8.2, OX App Suite and privacyIDEA]

11. Current challenges
   - Continuously growing number of UCS systems
   - Continuously growing number of apps (currently ca. 70)
   - App has full access to UCS system
   - Possible conflicts in software dependencies + ports
   - More apps -> increasing update complexity
   - App needs to be supplied as Debian package
   - Solution: Containerization (via Docker)

14. Analogy to transport system
   - Standardized containers
   - Decoupling of transport & content

15. Software container
   - Standardization of software environment
   - Correct execution can be assured
   - Software developer is in charge of the inside
   - Operator of infrastructure is in charge of the handling
   - Linux kernel allows clean sandboxing: Control groups + namespaces + capabilities = containers
   - Low overhead, container process runs natively in host kernel

16. Control Groups (cgroups)
   - Group processes in a hierarchical manner
   - Can limit usage of memory, CPU, network, disk I/O
   - Processes can be assigned to cgroups

17. Namespaces
   - Isolate processes from each other
   - No access possible to resources of different processes
   - Namespaces: PID, UID, hostname, network stack, mount points, ...

18. Capabilities
   - Allow fine-grained rights control of the user root
   - Like setuid but much more detailed
   - Can be set individually for different processes
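Added example (not part of the original slides): slides 15 to 18 name control groups, namespaces and capabilities as the kernel features that make up a container, and the Python code below reads all three from /proc-style text to show what a containerized process actually holds. All sample values (capability masks, namespace ids, the cgroup path) are constructed, and the HIGH_RISK selection is an assumption of this example.

```python
import os

# Linux capability names indexed by bit number, per capabilities(7).
CAPS = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid "
        "setpcap linux_immutable net_bind_service net_broadcast net_admin "
        "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
        "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
        "sys_tty_config mknod lease audit_write audit_control setfcap "
        "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
        "perfmon bpf checkpoint_restore").split()
# Assumption of this example: capabilities that largely undo the sandbox.
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "dac_read_search"}

def effective_caps(status_text):
    """Decode the CapEff bitmask found in the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return {name for bit, name in enumerate(CAPS) if (mask >> bit) & 1}
    raise ValueError("no CapEff line found")

def shared_namespaces(ns_a, ns_b):
    """Namespace types whose id is identical for both processes (not isolated)."""
    return sorted(kind for kind in ns_a if ns_a[kind] == ns_b.get(kind))

def cgroup_paths(cgroup_text):
    """Map controller list to cgroup path from the text of /proc/<pid>/cgroup."""
    paths = {}
    for line in cgroup_text.strip().splitlines():
        _, controllers, path = line.split(":", 2)
        paths[controllers or "unified"] = path
    return paths

def read_ns(pid="self"):
    """Live helper (Linux only): namespace ids such as 'pid:[4026531836]'."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name)) for name in os.listdir(base)}

# Constructed samples: a root shell on the host and a process in a container.
HOST_STATUS = "Name:\tbash\nCapEff:\t0000003fffffffff\n"
CTR_STATUS = "Name:\tapache2\nCapEff:\t00000000a80425fb\n"
HOST_NS = {"pid": "pid:[4026531836]", "net": "net:[4026531992]", "user": "user:[4026531837]"}
CTR_NS = {"pid": "pid:[4026532451]", "net": "net:[4026532454]", "user": "user:[4026531837]"}
CTR_CGROUP = "4:memory:/docker/0123abcd\n3:cpu,cpuacct:/docker/0123abcd\n"

if __name__ == "__main__":
    print("container capabilities:", sorted(effective_caps(CTR_STATUS)))
    print("high-risk on host root:", sorted(effective_caps(HOST_STATUS) & HIGH_RISK))
    print("shared with host:", shared_namespaces(HOST_NS, CTR_NS), cgroup_paths(CTR_CGROUP))
```

In the constructed container sample the user namespace is shared with the host, so uid 0 inside the container is uid 0 on the host; what restrains it is the reduced capability set and the separate PID and network namespaces.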

19. VM vs. Container [diagram: layer stacks, top to bottom]
   - VM: App, Bin/Libs, Guest OS, Hypervisor, Host OS, Server
   - Container: App, Bin/Libs, Container Engine, Host OS, Server

20. Docker
   - Offers tools for efficient usage of Linux kernel container technology (which has existed since 2.6.29)
   - Abstracts many details (handling of network, namespaces, cgroups, mounting etc.)
   - Docker container starts as a single command
   - Container is not booted (/sbin/init needs to be called manually)
   - Software dependencies are stored on separate RO images
   - Containers can share images
   - Only first layer is writable (copy-on-write)

21. Container life cycle
   [Diagram; legible labels: Download from repository, Import from archive file, Build process, Command execution, Commit, Restart, Container, Stopped state, Delete]

24. [Diagram: UCS domain with a UCS Domain Controller Master and further UCS systems]

25. [Diagram; legible labels: App1, App2, Univention Runtime Env., Debian bootstrap, Docker engine]

26. How to update?
   - Solution for existing Debian packaged UCS apps
     - Run Debian update routines within container
     - Migration logic contained in Debian maintainer scripts
     - Works out of the box ;-)
     - Container grows (and saturates) in size :-/
   - Solution for native containers
     - Discard container and get an updated one
     - Extensible migration logic to persist configuration + data via dedicated scripts (storedata, restoredata*)

27. How to persist data?
   - User data
     - Via dedicated mount point /var/lib/univention-appcenter
     - Mount point exists on host + in container
     - Migration scripts can store data therein
   - Configuration data
     - Univention Config Registry (UCR) covers many aspects and can easily be migrated
     - Migration scripts take UCR + join status (among others) into account
     - Additional logic via app specific migration scripts

28. How to access Apps?
   - Container runs on host-only network (-> access from outside not possible)
   - App joins as member server into the domain
   - Reverse proxy allows transparent web access
   - Further ports can be configured to be re-routed
   - Online configuration (of specified UCR variables) possible via Univention App Center interface
   - Shortcut to execute commands within app container: univention-app shell <appid> <command>

29. What else...?
   - Ongoing research project together with the German Research Center for Artificial Intelligence (DFKI)
   - Theoretic considerations w.r.t. access/information flow control
   - Integration of SELinux
   - UCS available as Docker container itself...

31. [Screenshot: Docker Hub public repository univention/ucs-generic-amd64, a generic UCS image for Univention Corporate Server (UCS). The page's usage text says to pull the latest version with docker pull univention/ucs-generic-amd64 and that other versions can be selected by specifying the version tag.]

32. [Screenshot: Docker Hub tag list for univention/ucs-generic-amd64 with image sizes; legible entries include latest (359 MB) and 4.0-1 (306 MB)]

33. Run a UCS container
    docker pull univention/ucs-generic-amd64
    docker run -d --name dockertestcontainer --hostname=dockertest \
      -e domainname=testdomain.local -e nameserver1= -e rootpwd=univention \
      -p 8015:80 univention/ucs-generic-amd64 /sbin/init
    docker exec -it dockertestcontainer /bin/bash
   - See also wiki.univention.com/Docker
   - Note: App Center pulls from docker.software-univention.de

34.
   - First containerized apps are in the pipeline...
   - Support (native) containers (e.g., from Docker Hub) on UCS
   - Publish UCS apps automatically at Docker Hub and at Amazon, Azure, Google
     - in addition to downloadable images (KVM, VirtualBox, VMware, Hyper-V)
   - Support multiple containers per app
   - Migrate existing apps into containers
   - Further refine conventions for container apps
   - Join in, take advantage of a versatile & open platform :-)