Docker + Puppet

Can they really work together?

Barcelona 2015-05-13


Who am I?

Carles Amigó (fr3nd)

  • Currently SysAdmin at SocialPoint
  • Previously SysAdmin at Here/Nokia, Softonic
  • Started playing with Puppet in 2009
  • Started playing with Docker in 2014

fr3nd.net   fr3nd@fr3nd.net   @fr3nd   github.com/fr3nd

What is Docker?

Operating system level virtualization

What is Docker?

Software delivery mechanism

docker pull redis
docker run -P redis
          

What is Docker?

Application isolation mechanism

Build once, run in many places

Immutable infrastructure

Build containers

The Dockerfile

File with simple instructions written in a specific language to build a container image

The Dockerfile

Simplistic DSL

FROM debian:jessie

RUN apt-get update && apt-get install -y apache2

EXPOSE 80

CMD apache2 -DFOREGROUND
          

Docker + Puppet

How can they work together?

Should I run Puppet inside containers?

Why not?

  • Container: immutable infrastructure
  • Keep the container small and simple
  • One process per container (cron, puppet, ...)

Should I use Puppet to build containers?

Why not?

  • Simplicity (KISS)
  • Size matters!

Why yes?

  • Use current puppet manifests
  • Complex configurations
  • Portability

How?

docker pull fr3nd/basepuppet

FROM debian:jessie
MAINTAINER Carles Amigó, fr3nd@fr3nd.net

RUN apt-get update && apt-get install -y \
    git \
    ruby \
    && rm -rf /usr/share/doc/* \
    && rm -rf /usr/share/info/* \
    && rm -rf /tmp/* \
    && rm -rf /var/tmp/*

ENV PUPPET_VERSION 3.7.1
ENV FACTER_VERSION 2.4.1
ENV R10K_VERSION 1.5.1
ENV R10K_MODULE_VERSION 2.7.3

RUN echo "gem: --bindir /usr/bin --no-ri --no-rdoc" > ~/.gemrc
RUN gem install facter -v $FACTER_VERSION
RUN gem install puppet -v $PUPPET_VERSION
RUN mkdir -p /etc/puppet/manifests /etc/puppet/modules
ADD puppet.conf /etc/puppet/puppet.conf

RUN gem install r10k -v $R10K_VERSION
          

How?

Dockerfile:

FROM fr3nd/basepuppet
MAINTAINER Carles Amigó, fr3nd@fr3nd.net

ADD Puppetfile /etc/puppet/Puppetfile
WORKDIR /etc/puppet
RUN r10k puppetfile install

RUN puppet apply -e "include apache"

EXPOSE 80
CMD apache2 -DFOREGROUND
          
Puppetfile:

mod 'puppetlabs/apache', '1.4.1'
mod 'puppetlabs/stdlib', '4.6.0'
mod 'puppetlabs/concat', '1.2.1'
          

Should I use Puppet to manage Docker?

Docker module

garethr/docker

include docker
          

Docker module

Configure Docker

class { 'docker':
  version      => 'latest',
  tcp_bind     => 'tcp://127.0.0.1:4243',
  socket_bind  => 'unix:///var/run/docker.sock',
  dns          => '8.8.8.8',
  docker_users => [ 'user1', 'user2' ],
}
          

Docker module

Launch containers

docker::run { 'helloworld':
  image   => 'busybox',
  command => '/bin/sh -c "while true; \
              do echo hello world; sleep 1; done"',
}
          

Docker module

Launch more complex containers

docker::run { 'redis':
  image           => 'redis:3',
  command         => 'redis-server --appendonly yes',
  ports           => ['6379'],
  volumes         => ['/docker/host/dir:/data:rw'],
  memory_limit    => '4g',
  cpuset          => ['0'],
  restart_service => true,
  privileged      => false,
  pull_on_start   => true,
}
          

docker-compose

Define complex docker applications in one YAML file

web:
  image: apache
  links:
   - db
  ports:
   - "80:80"
db:
  image: mysql
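
Added example, not part of the original slides: the Dockerfiles and the Puppetfile above pin gem and module versions, but several image references (`fr3nd/basepuppet`, `apache`, `mysql`) carry no tag, so what gets pulled can change between builds. The sketch below flags such references in Dockerfile, docker-compose and Puppet `docker::run` text; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: image references copied from the snippets on the slides.
SAMPLE = """\
FROM debian:jessie
FROM fr3nd/basepuppet
web:
  image: apache
db:
  image: mysql
docker::run { 'redis':
  image           => 'redis:3',
}
"""

# Matches Dockerfile "FROM <ref>", compose "image: <ref>" and Puppet "image => '<ref>'".
_REF = re.compile(
    r"""^[ \t]*(?:FROM[ \t]+(?:--\S+[ \t]+)*|image[ \t]*(?::|=>)[ \t]*)['"]?([^\s'",]+)""",
    re.IGNORECASE | re.MULTILINE,
)

def image_refs(text):
    """Return every image reference found, in order of appearance."""
    return _REF.findall(text)

def classify(ref):
    """Return 'digest', 'tag', 'latest' or 'untagged' for one image reference."""
    if "@sha256:" in ref:
        return "digest"
    # Only the last path segment can carry a tag; an earlier colon is a registry port.
    name = ref.rsplit("/", 1)[-1]
    if ":" not in name:
        return "untagged"  # Docker resolves this to :latest at pull time
    return "latest" if name.split(":", 1)[1] == "latest" else "tag"

def audit(text):
    """Return (ref, kind) pairs for references that float with the registry."""
    findings = [(ref, classify(ref)) for ref in image_refs(text)]
    return [f for f in findings if f[1] in ("untagged", "latest")]

if __name__ == "__main__":
    for ref, kind in audit(SAMPLE):
        print(f"{kind:9} {ref}")
```

A named tag such as `debian:jessie` or `redis:3` passes this check but can still be re-pointed by the publisher; only a `@sha256:` digest fixes the exact image content.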
          

docker-compose

Puppet module to manage docker-compose

github.com/fr3nd/puppet-docker_compose

Proof of concept!

docker-compose


include docker_compose

docker_compose::application { 'foo_app':
  ensure  => 'present',
  content => file('files/foo_app.yaml'),
}
          

Conclusions

  • Although containers are immutable, the parent host isn't
  • Configuration management is complementary to, rather than contraindicated by, containerization

Questions?

Thank you!