From 846c96384f5e112e2af9bf02d32173af70dbe69a Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 16 Apr 2017 15:11:15 -0500 Subject: [PATCH 1/5] demo: Update nginx build Signed-off-by: Rolf Neugebauer --- projects/demo/my-nginx/my-nginx.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/projects/demo/my-nginx/my-nginx.yml b/projects/demo/my-nginx/my-nginx.yml index 37704a26b..9914f1309 100644 --- a/projects/demo/my-nginx/my-nginx.yml +++ b/projects/demo/my-nginx/my-nginx.yml @@ -2,9 +2,9 @@ kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" init: - - linuxkit/init:42fe8cb1508b3afed39eb89821906e3cc7a70551 + - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 - - linuxkit/containerd:fe1b7f438a234cb6481c6538295115eac2a0596d + - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b services: - name: dhcpcd image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd" @@ -16,7 +16,6 @@ services: - CAP_NET_BIND_SERVICE - CAP_NET_RAW net: host - oomScoreAdj: -800 - name: nginx image: "nginx:1.11.12-alpine" capabilities: From c854d58ca49c5a438261f20645bfbd2efa8d8fde Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 16 Apr 2017 15:14:48 -0500 Subject: [PATCH 2/5] demo: Update etcd - Add prometheus node monitor - Make the hyperkit VMs slightly bigger - Add GCP upload - Use env vars in infrakit startup script Signed-off-by: Rolf Neugebauer --- projects/demo/etcd/etcd.yml | 18 ++++++++++++++++-- projects/demo/etcd/infrakit.json | 4 ++-- projects/demo/etcd/pkg/build-pkg.sh | 2 +- projects/demo/etcd/start-infrakit.sh | 3 ++- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/projects/demo/etcd/etcd.yml b/projects/demo/etcd/etcd.yml index e54757ce5..5334cc5eb 100644 --- a/projects/demo/etcd/etcd.yml +++ b/projects/demo/etcd/etcd.yml @@ -67,8 +67,18 @@ services: - CAP_SETUID - CAP_SETGID net: host + - name: node_exporter + image: "linuxkit/node_exporter:0c7c1588e4cbce9cc946c1a84d3902b38b4b7ada" + capabilities: + - all + net: host + pid: host + binds: + - /proc:/host/proc + - /sys:/host/sys + - /:/rootfs - name: etcd - image: "linuxkit/etcd" + image: "moby/etcd" capabilities: - CAP_CHOWN - CAP_SETUID @@ -83,4 +93,8 @@ services: outputs: - format: kernel+initrd - - format: gcp-img + - format: gcp + project: docker4x + bucket: rolf + family: moby-demo + replace: true diff --git a/projects/demo/etcd/infrakit.json b/projects/demo/etcd/infrakit.json index 263d070e3..9be5cac19 100644 --- a/projects/demo/etcd/infrakit.json +++ b/projects/demo/etcd/infrakit.json @@ -14,9 +14,9 @@ "Plugin": "instance-hyperkit", "Properties": { "kernel+initrd": "etcd", - "Disk" : 1024, + "Disk" : 2048, "CPUs" : 1, - "Memory" : 512 + "Memory" : 1024 } }, "Flavor": { diff --git a/projects/demo/etcd/pkg/build-pkg.sh b/projects/demo/etcd/pkg/build-pkg.sh index 88f9c56b1..30e8f92a2 100755 --- a/projects/demo/etcd/pkg/build-pkg.sh +++ b/projects/demo/etcd/pkg/build-pkg.sh @@ -1,4 +1,4 @@ #! /bin/sh -docker build -t linuxkit/etcd . +docker build -t moby/etcd . docker build -t etcd.local -f Dockerfile.local . diff --git a/projects/demo/etcd/start-infrakit.sh b/projects/demo/etcd/start-infrakit.sh index d0c37e2ae..ac368dfa3 100755 --- a/projects/demo/etcd/start-infrakit.sh +++ b/projects/demo/etcd/start-infrakit.sh @@ -10,7 +10,8 @@ mkdir -p $INFRAKIT_HOME/cli infrakit-flavor-vanilla & infrakit-instance-hyperkit & -infrakit-instance-gcp --project docker4x --zone europe-west1-d & +infrakit-instance-gcp --project $CLOUDSDK_CORE_PROJECT --zone $CLOUDSDK_COMPUTE_ZONE & + # start the group plugin in the foreground. If it exits, it will take # the others down as well. From 238436616d77077cee14f6619d96a4acdcb0b4b2 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 16 Apr 2017 15:48:28 -0500 Subject: [PATCH 3/5] demo: Add prometheus server configuration Signed-off-by: Rolf Neugebauer --- projects/demo/prom/.gitignore | 1 + projects/demo/prom/Dockerfile | 2 + projects/demo/prom/Dockerfile.us-central1-f | 2 + projects/demo/prom/build-prom.sh | 3 + .../demo/prom/etcd-prom-us-central1-f.yml | 62 +++++++++++++++++++ projects/demo/prom/prometheus-local.yml | 19 ++++++ projects/demo/prom/prometheus-us-central.yml | 13 ++++ projects/demo/prom/prometheus.yml | 13 ++++ 8 files changed, 115 insertions(+) create mode 100644 projects/demo/prom/.gitignore create mode 100644 projects/demo/prom/Dockerfile create mode 100644 projects/demo/prom/Dockerfile.us-central1-f create mode 100755 projects/demo/prom/build-prom.sh create mode 100644 projects/demo/prom/etcd-prom-us-central1-f.yml create mode 100644 projects/demo/prom/prometheus-local.yml create mode 100644 projects/demo/prom/prometheus-us-central.yml create mode 100644 projects/demo/prom/prometheus.yml diff --git a/projects/demo/prom/.gitignore b/projects/demo/prom/.gitignore new file mode 100644 index 000000000..3af0ccb68 --- /dev/null +++ b/projects/demo/prom/.gitignore @@ -0,0 +1 @@ +/data diff --git a/projects/demo/prom/Dockerfile b/projects/demo/prom/Dockerfile new file mode 100644 index 000000000..0e07679dd --- /dev/null +++ b/projects/demo/prom/Dockerfile @@ -0,0 +1,2 @@ +FROM prom/prometheus +ADD prometheus.yml /etc/prometheus/ diff --git a/projects/demo/prom/Dockerfile.us-central1-f b/projects/demo/prom/Dockerfile.us-central1-f new file mode 100644 index 000000000..c8e5cfd33 --- /dev/null +++ b/projects/demo/prom/Dockerfile.us-central1-f @@ -0,0 +1,2 @@ +FROM prom/prometheus:v1.6.0 +ADD prometheus-us-central.yml /etc/prometheus/prometheus.yml diff --git a/projects/demo/prom/build-prom.sh b/projects/demo/prom/build-prom.sh new file mode 100755 index 000000000..729354108 --- /dev/null +++ b/projects/demo/prom/build-prom.sh @@ -0,0 +1,3 @@ +#! /bin/sh + +docker build -t moby/prom-us-central1-f -f Dockerfile.us-central1-f . diff --git a/projects/demo/prom/etcd-prom-us-central1-f.yml b/projects/demo/prom/etcd-prom-us-central1-f.yml new file mode 100644 index 000000000..efa8afe60 --- /dev/null +++ b/projects/demo/prom/etcd-prom-us-central1-f.yml @@ -0,0 +1,62 @@ +kernel: + image: "mobylinux/kernel:4.9.x" + cmdline: "console=ttyS0 page_poison=1" +init: + - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b + - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9 + - mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b + - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935 +onboot: + - name: sysctl + image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" + net: host + pid: host + ipc: host + capabilities: + - CAP_SYS_ADMIN + readonly: true + - name: dhcpcd + image: "linuxkit/dhcpcd:48e249ebef6a521eed886b3bce032db69fbb4afa" + binds: + - /var:/var + - /tmp/etc:/etc + capabilities: + - CAP_NET_ADMIN + - CAP_NET_BIND_SERVICE + - CAP_NET_RAW + net: host + command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] + - name: metadata + image: "linuxkit/metadata:c5567e65e9125f0a4c4b8cb9d56a86377be62652" + binds: + - /dev:/dev + - /var:/var + - /tmp/etc/resolv.conf:/etc/resolv.conf + net: host + capabilities: + - CAP_SYS_ADMIN +services: + - name: rngd + image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9" + capabilities: + - CAP_SYS_ADMIN + oomScoreAdj: -800 + readonly: true + - name: prometheus + image: "moby/prom-us-central1-f" + binds: + - /dev:/dev + - /var/lib/misc:/data + capabilities: + - all + net: host +trust: + image: + - mobylinux/kernel +outputs: + - format: kernel+initrd + - format: gcp + project: docker4x + bucket: rolf + family: moby-demo + replace: true diff --git a/projects/demo/prom/prometheus-local.yml b/projects/demo/prom/prometheus-local.yml new file mode 100644 index 000000000..6d6f1cf8e --- /dev/null +++ b/projects/demo/prom/prometheus-local.yml @@ -0,0 +1,19 @@ +global: + +scrape_configs: + # - job_name: 'prometheus' + # scrape_interval: 20s + # static_configs: + # - targets: ['localhost:9090'] + + # Scrape the Node Exporter + - job_name: 'node' + scrape_interval: 20s + static_configs: + - targets: ['localhost:9100', 'localhost:9101', 'localhost:9102', 'localhost:9103', 'localhost:9104'] + + # # Scrape the containerd exporter + # - job_name: 'containerd' + # scrape_interval: 15s + # static_configs: + # - targets: ['192.168.65.200:13337', '192.168.65.201:13337', '192.168.65.202:13337', '192.168.65.203:13337', '192.168.65.204:13337'] diff --git a/projects/demo/prom/prometheus-us-central.yml b/projects/demo/prom/prometheus-us-central.yml new file mode 100644 index 000000000..e1b26e562 --- /dev/null +++ b/projects/demo/prom/prometheus-us-central.yml @@ -0,0 +1,13 @@ +global: + +scrape_configs: + - job_name: 'prometheus' + scrape_interval: 20s + static_configs: + - targets: ['localhost:9090'] + + # Scrape the Node Exporter + - job_name: 'node' + scrape_interval: 20s + static_configs: + - targets: ['10.128.0.200:9100', '10.128.0.201:9100', '10.128.0.202:9100', '10.128.0.203:9100', '10.128.0.204:9100'] diff --git a/projects/demo/prom/prometheus.yml b/projects/demo/prom/prometheus.yml new file mode 100644 index 000000000..e1b26e562 --- /dev/null +++ b/projects/demo/prom/prometheus.yml @@ -0,0 +1,13 @@ +global: + +scrape_configs: + - job_name: 'prometheus' + scrape_interval: 20s + static_configs: + - targets: ['localhost:9090'] + + # Scrape the Node Exporter + - job_name: 'node' + scrape_interval: 20s + static_configs: + - targets: ['10.128.0.200:9100', '10.128.0.201:9100', '10.128.0.202:9100', '10.128.0.203:9100', '10.128.0.204:9100'] From ff1279d9b0c8d2c5a682bcc650e6dcffc74fd5e9 Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Sun, 16 Apr 2017 20:21:41 -0500 Subject: [PATCH 4/5] demo: Use redis instead of nginx Signed-off-by: Rolf Neugebauer --- .../demo/{my-nginx/my-nginx.yml => redis-os/redis-os.yml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename projects/demo/{my-nginx/my-nginx.yml => redis-os/redis-os.yml} (93%) diff --git a/projects/demo/my-nginx/my-nginx.yml b/projects/demo/redis-os/redis-os.yml similarity index 93% rename from projects/demo/my-nginx/my-nginx.yml rename to projects/demo/redis-os/redis-os.yml index 9914f1309..376e04d12 100644 --- a/projects/demo/my-nginx/my-nginx.yml +++ b/projects/demo/redis-os/redis-os.yml @@ -16,8 +16,8 @@ services: - CAP_NET_BIND_SERVICE - CAP_NET_RAW net: host - - name: nginx - image: "nginx:1.11.12-alpine" + - name: redis + image: "redis:3.0.7-alpine" capabilities: - CAP_NET_BIND_SERVICE - CAP_CHOWN From 722ab1848d6b9b983d5e5007e86093af0382975b Mon Sep 17 00:00:00 2001 From: Rolf Neugebauer Date: Wed, 19 Apr 2017 14:57:35 -0500 Subject: [PATCH 5/5] demo: Update READMEs Signed-off-by: Rolf Neugebauer --- projects/demo/README.md | 21 ++++++--------------- projects/demo/etcd/README.md | 20 +++++++++++++++++--- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/projects/demo/README.md b/projects/demo/README.md index c67f0f28d..fc669e967 100644 --- a/projects/demo/README.md +++ b/projects/demo/README.md @@ -1,11 +1,12 @@ -This directory contains files used in moby demos. +This directory contains files used in Moby/LinuxKit DockerCon 2017 +keynote demos. They mostly serve as examples and probably need +adjustments to your specific environment. # Prerequisites Most of the scripts/files assume you are on a Mac. -- Recent Docker for Mac installed (edge, nightly, master channel) - For some of the demo setup, you need at least 17.05.0-ce-rc1 +- Recent Docker for Mac installed (We used 17.05.0-ce-rc1-mac8 from the edge channel) - For the GCP portion: `brew install google-cloud-sdk` - Infrakit: Clone [infrakit](https://github.com/docker/infrakit) and the [GCP plugin](https://github.com/docker/infrakit.gcp) for @@ -25,16 +26,6 @@ gcloud auth application-default login You may also want to create ssh-keys and upload them. See the [Generating a new SSH key-pair section](https://cloud.google.com/compute/docs/instances/connecting-to-instance) -One time configuration of the network: -``` -gcloud compute networks create rneugeba-demo --mode auto -gcloud compute networks subnets list -# get IP subnet for rneugeba-demo -gcloud compute firewall-rules create rneugeba-demo-internal --network \ - rneugeba-demo --allow tcp,udp,icmp --source-ranges 10.128.0.0/9 -``` -The firewall setup means that all our projects networks can talk to the demo network. - # Expose VMs ports on localhost @@ -44,6 +35,6 @@ You can use a `socat` container to forward ports from the VM to localhost (via D ``` And then run: ``` -docker run --rm -t -d -p 8080:8080 socat tcp-listen:8080,reuseaddr,fork tcp:192.168.65.100:80 +docker run --rm -t -d -p 8080:8080 socat tcp-listen:6379,reuseaddr,fork tcp:192.168.65.100:6379 ``` -This forwards local port `8080` to `192.168.65.100:80`, so if you start, say the `intro` image, run `moby run -ip 196.168.65.100 intro` +This forwards local (host) port `6379` to `192.168.65.100:6379`, so if you start, say the `redis-os` image, run `moby run -ip 196.168.65.100 redis-os`. diff --git a/projects/demo/etcd/README.md b/projects/demo/etcd/README.md index c40c6d19f..a86b88236 100644 --- a/projects/demo/etcd/README.md +++ b/projects/demo/etcd/README.md @@ -44,9 +44,23 @@ You can perform rolling updates, by for example, switching the kernel version in ## Infrakit GCP setup -Note: This setup is somewhat specific to our GCP setup (IP addresses -and account info) and needs to be adjusted to your setting. The -configuration is documented in the top-level README.md. +You need to do the general setup as described in the demo [README](../README.md). Specifically, you need the `CLOUDSDK_*` environment variables set and you need to have authenticated with GCP. + +Note, the demo uses static IP addresses and they are specific to our +setup. The IP addresses need to be changed in the `infrakit-gcp.json` +config file. + +In order to use the static IP addresses we created a custom network: +``` +gcloud compute networks create rneugeba-demo --mode auto +gcloud compute networks subnets list +# get IP subnet for rneugeba-demo +gcloud compute firewall-rules create rneugeba-demo-internal --network \ + rneugeba-demo --allow tcp,udp,icmp --source-ranges 10.132.0.0/9 +``` +The firewall setup means that all our projects networks can talk to the demo +network. + Build the image and upload it: ```