Using Docker for existing installed OS and applications, running half inside half outside the container
Another docker talk? Isn't everyone using docker already?
With a cool logo like this, you have no excuse :)
Docker: the shipping container model
Why Use Containers for security?
Why was I not using containers and LXC?
What does Docker offer over LXC?
Docker: Security bits that come for free
Docker protects device nodes
Docker protects processes, users, networking
Why didn't I try docker earlier?
Why didn't I try docker earlier? (2)
Slide 13
Sharing the same base image in the enterprise
Which approach is best?
Running applications half in and half out of a container
Docker install: before you start
Install and setup time (on debian)
Install and setup time (2)
Install and setup time (3)
Making your own super small base image
Making my own base image
Looking at an empty image
Looking at an empty image (2)
Files automatically created by docker
Mounting your base filesystem in docker
Mounting portions of your filesystem, read only
Docker can't create mountpoints on read only mounts
Not showing sub mounts
Not showing all subdirectories
Custom /etc
Custom /etc creation
Putting it all together: before
Putting it all together: before (2)
Putting it all together: after
Fixing rw bind mounts automatically mounted in image
Every host mount mounted ro, including /var
Putting it all together: getting php5 of an installed app working in your container, along with apache2
Moving other session and locks to /run
Now apache works, but not connections to mysql
Success!
Docker instance start script
Docker instance start script (cont)
Warnings
Warnings about docker, btrfs, and backups
Beware...
Summary: Doing it the docker way
Summary: Doing it the shared system way
Thanks to Docker Maintainers and Contributors
質問がありますか? Questions? Want a job at Google? Talk slides for download: http://marc.merlins.org/linux/talks/DockerLocalDisk-LC2015-JP/ http://goo.gl/PWjume