Virtualization & Docker
===

> Q: How do you explain the movie Inception to a programmer?
>> A: Basically, when you run a Virtual Machine (VM) inside another VM, inside another VM, inside another VM…, everything runs real slow!

![](https://i.ytimg.com/vi/4E_DahvPVko/maxresdefault.jpg)

By The End of This Session You Will Know:
---
- The basics of virtualization
- The common abstractions and terms for Docker
- The basics of Vagrant
- The advantages and disadvantages of Docker

---
Virtualization
---

Computers can only do 1 thing at a time, and thus are either completely busy or completely free. Virtualization manages computer use better by decoupling physical hardware from software.

![](images/vm.jpg)

This simple insight was worth billions. The idea is continued in higher levels of abstraction.

There is a small trend away from it. One example is the neural-network chip.

![](images/neural_chip.jpg)

The CTO of my old company did not get it. It sucked!

- Would not move to the cloud
- Would work with awful vendors

---
__Student Activity__:

- Brainstorm advantages and disadvantages of virtualization


---
Docker
---

What is Docker?

- Docker is a way to package code into consistent units of work.
- These units of work can be deployed to testing, QA and production environments.

## Author

Who created Docker?

- Solomon Hykes.

<img src="http://siliconangle.tv/wp-content/uploads/2015/06/Solomon_Hykes-2-1.jpg">

## Docker Hub

What is Docker Hub?

- Docker provides artifact management through the public Docker Hub.
- Docker Hub is like GitHub for Docker images.
- Docker images can be shared as binary artifacts. 
- The artifact is a "black box" that can be used for testing, performance, etc.

## Docker ToolBox

What does the Docker ToolBox provide?

Docker provides:

- Container
- Packaging 
- Artifact management

## Docker Use Case

What is the use case for Docker?

- Docker lets you easily create and share dev, test, prod environments.
- Docker lets you easily create a pseudo-distributed Hadoop install.

## Docker Essence

What is the essence of Docker?

- Docker lets you capture the configuration for a single process.
- The Dockerfile is a little bit more than a simple bash script.
- It configures a process with its dependencies.  

---
Vagrant
---

What is Vagrant?

- Vagrant uses VirtualBox or VMware Fusion to create disposable,
  shareable virtual machines.
- Vagrant is a tool for quickly spinning up virtual machines.  
- Vagrant converts an environment and configuration into a Ruby file.  
- Your environment configuration can be shared, rolled forward, rolled
  back easily.
- You can trash your environment with risky products and rollback to a
  good state easily.

## Author

Who created Vagrant?

- Mitchell Hashimoto.

<img src="http://thenewstack.io/wp-content/uploads/2015/01/mitchellpic2.jpg">


---
Virtual Machines
----

What are VMs?

- VMs are full-fledged machines running on top of your machine.
- They provide complete isolation from the host operating system.
- The processes running in a VM are invisible to the host OS.
- VMs are a thicker abstraction on top of the OS than containers.
- VMs run a complete OS on top of the host OS, so you are running two
  complete OS's at the same time.

## Vagrant File

What does the Ruby configuration file contain?

- What VM image to start with
- What additional tasks to run
- How the network should be configured
- Etc.

---
Docker Concepts
---

## Docker Architecture

<img src="https://s3-us-west-2.amazonaws.com/dsci/6007/assets/docker-architecture.svg">

## Docker on Mac

<img src="https://s3-us-west-2.amazonaws.com/dsci/6007/assets/docker-on-mac.svg">


## Docker Components

What are major Docker components?

- *Docker Machine* manages VMs and container-providers.
- *Docker* is a client of Docker Machine. It creates and runs Docker containers on Docker Machine.
- *Docker Hub* is Docker's hosted registry service for managing images.
- *Docker Compose* defines multi-container applications. 
- *Kitematic* is the desktop GUI for Docker. 
- *Docker Trusted Registry (DTR)* supplies a private dedicated image registry.
- *Docker Swarm* is used to host clustering and container scheduling.
- *Docker Registry* provides open source Docker image distribution.


## High-Level Components

What are the main components in Docker?

- Docker uses a client-server architecture. 
- Docker client talks to Docker daemon.
- Docker daemon builds, runs, and distributes Docker containers. 
- Docker client and daemon can run on the same system, or on different machines.
- They communicate through sockets or a REST API.
- User does not directly interact with daemon.
- User interacts with daemon through client.
- Docker client is the `docker` command.

## Images

What is a Docker image?

- A Docker image is a read-only template. 
- For example, an image can contain an Ubuntu operating system with Apache and your web application. 
- Images are used to create Docker containers. 
- You can build new images or update existing images.
- You can download Docker images that other people have created. 
- Docker images are the build component of Docker.

## Registries

What are Docker registries?

- Docker registries hold images. 
- These are public or private stores from which you upload or download images. 
- The Docker Hub is a public Docker registry. 
- It serves a large collection of existing images.
- Docker registries are the distribution component of Docker.

## Containers

What are Docker containers?

- Docker containers are like directories.
- A Docker container holds everything that is needed for an application to run. 
- Each container is created from a Docker image. 
- Docker containers can be run, started, stopped, moved, and deleted. 
- Each container is an isolated and secure application platform. 
- Docker containers are the run component of Docker.

## Image Layering

How do Docker images build on each other?

- Each Docker image starts from a base image such as `ubuntu`.
- After this, layers are applied to it.
- Each image consists of a series of layers.
- Docker makes use of union file systems to combine these layers into a single image.
- Union file systems allow files and directories of separate file
  systems, known as branches, to be transparently overlaid, forming a
  single coherent file system.

## Instructions

What are Docker instructions?

- On top of these base images Docker applies instructions.
- Here are some examples of instructions:
    - Run command.
    - Add file or directory.
    - Create environment variable.
    - What process to run when launching container from this image.
- These instructions are stored in a file called a `Dockerfile`.


## Machine

What is a Docker Machine?

- Machine lets you create Docker hosts on your computer, on cloud
  providers, and inside your own data center.
- It automatically creates hosts, installs Docker on them, then
  configures the docker client to talk to them.
- A machine is the combination of a Docker host and a configured
  client.


Note: 

- `docker-machine` used to be called `boot2loader` CLI.

---
Containers
---

![Container Cat](https://s3-us-west-2.amazonaws.com/dsci/6007/assets/U0iADj9.gif)

__Discovering Docker containers__

What are containers?

- Containers capture the state of an application and run it in isolation.
- Containers use Linux features such as LXC, CGroups, Namespaces, Aufs, and Chroot.
- Containers are lighter weight than VMs.

## LXC

What is LXC?

- LXC stands for Linux Containers.
- LXC is an OS-level virtualization feature.
- It enables running multiple isolated Linux containers on a single
  Linux host.

## CGroups

What are *CGroups*?

- *CGroups* are a Linux feature.
- They isolate the resources of a group of processes. 
- Examples of resources are CPU, memory, disk I/O, network, etc.

## Aufs

What is Aufs?

- Aufs is short for advanced multi-layered unification filesystem.
- Aufs implements a union mount for Linux file systems. 
- Aufs was developed by Junjiro Okajima in 2006, and is a rewrite of
  the earlier UnionFS.

## Union Mounts

What are union mounts?

- Union mounts or file systems define disks as a composition of layers.
- Each layer is called a branch and is a separate file system.
- The union file system allows files and directories of branches to be
  transparently overlaid, forming a single coherent file system.
- The final directory appears to contain all their combined contents. 
- Union mounting is supported in Linux, BSD, and Plan 9.
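
The layering described under Image Layering and Union Mounts has a security consequence: a file removed by a later layer disappears from the merged view but is still stored in the layer that added it, so anyone who pulls the image can read it. The sketch below is an added example, not Docker's own code; the layer contents and function names are constructed, and the `.wh.` whiteout prefix is the marker aufs and image layer archives use for deleted files.

```python
# Added example: a toy model of union-mount lookup over image layers.
# Layer contents below are constructed sample data, not from a real image.
WHITEOUT = ".wh."  # a deleted <name> is recorded in the upper layer as ".wh.<name>"

LAYERS = [  # bottom (base image) first, top (latest instruction) last
    {"/etc/os-release": "ubuntu", "/tmp/scratch": "base"},
    {"/app/deploy_key": "CONSTRUCTED-SECRET", "/app/server.py": "v1"},
    {"/app/.wh.deploy_key": "", "/app/server.py": "v2"},
]

def _split_whiteout(path):
    """Return the path a whiteout entry hides, or None for a normal file."""
    directory, _, name = path.rpartition("/")
    if name.startswith(WHITEOUT):
        return f"{directory}/{name[len(WHITEOUT):]}"
    return None

def merged_view(layers):
    """Overlay the layers bottom-to-top: the file system a container sees."""
    view = {}
    for layer in layers:
        # Whiteouts in a layer hide entries coming from the layers below it.
        for hidden in filter(None, map(_split_whiteout, layer)):
            for path in [p for p in view if p == hidden or p.startswith(hidden + "/")]:
                del view[path]
        # Files in this layer then shadow same-named files from below.
        for path, content in layer.items():
            if _split_whiteout(path) is None:
                view[path] = content
    return view

def deleted_but_stored(layers):
    """Map each path missing from the merged view to the layers still holding it."""
    view = merged_view(layers)
    leftovers = {}
    for index, layer in enumerate(layers):
        for path in layer:
            if _split_whiteout(path) is None and path not in view:
                leftovers.setdefault(path, []).append(index)
    return leftovers

if __name__ == "__main__":
    print(sorted(merged_view(LAYERS)))
    print(deleted_but_stored(LAYERS))
```

A secret that must not ship in an image has to stay out of every layer; deleting it in a later instruction is not enough.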


## Chroot Jail

What is Chroot and what is *Chroot Jail*?

- Chroot is a Unix operation.
- It changes the root directory for a current process and its children. 
- A program running in a *chroot jail* cannot name or access files outside its directory tree.
- Non-root processes cannot break out of chroot jails, while root processes can.

---
Containers vs Virtual Machines
---

## Containers vs VMs

<img src="images/docker-containers-vs-vms-2.png">

## Containers vs VMs

<img src="images/docker-containers-vs-vms-3.png">

## Containers vs VMs

<img src="images/docker-containers-vs-vms-4.png">

## Containers vs VMs

<img src="images/docker-containers-vs-vms.png">


## Containers vs VMs

How do containers and VMs differ?

- Containers virtualize the services of the host OS.
- For example, processes in two different containers see different `/tmp` folders.
- Processes in different containers cannot see each other.
- This is despite their being on the same OS.

## Analogy

How do containers and VMs differ?

- VMs are like *inception* for computers. VMs are dreams inside dreams.
- Containers are more like daydreams. 
- A good illusion but sometimes it breaks down.

## Hotels vs Houses

What is another analogy for containers and VMs?

- Containers are like living in a hotel room, while VMs are like living in your own house.
- Or containers are AirBnB while VMs are like your self-contained apartment.
- In a hotel room or an AirBnB rental you are sharing resources like the kitchen.
- But you want to pretend that you are in your own house.

## Technical Differences

How do containers and VMs differ technically?

- VMs give you more airtight isolation.
- Containers give you better performance.
- Containers deploy faster and are lighter weight.
- Containers are used to deploy single services.
- VMs are used to deploy a complete distribution.

# Use Cases 

## VM and Vagrant Use Cases

What are some use cases for VMs and Vagrant?

- You can use Vagrant to set up test environments.
- You can use Vagrant to provision VMs on EC2 and other locations.
  Alternatively, you can use Razor and Foreman for this use case.
- You can use it to quickly spin up Hadoop clusters for testing and
  experimentation.
- Vagrant is used to quickly spin up a dev environment.
- If you want to test your app on Linux but you are running on Mac or
  Windows you can use Vagrant to spin up a Linux VM.

## Docker Use Cases

What are the use cases for Docker?

- Docker is a tool for managing Linux containers.
- Containers are usually used to deploy a single service.
- Docker is in between being a package manager and a VM manager.
- However, Docker is more sophisticated than installing a simple
  package, because it also includes the environment, and it runs it in
  isolation.
- Docker is primarily used in testing, rather than in production.

## Real World Use Cases Of Docker

What are real-world use cases of Docker?

Here is a summary of use cases that AirPair
[reports][docker-airpair-use-cases].

[docker-airpair-use-cases]: https://www.airpair.com/docker/posts/8-proven-real-world-ways-to-use-docker

- Simplifies configuration: You can run your containers on different
  platform providers.
- Code pipeline management: Consistent environment as code is
  deployed.
- Developer productivity: Test in production-like environment.
- App isolation: You can run multiple servers on the same machine
  without worrying about collisions.
- Server consolidation: Use spare cycles by spinning up more
  containers.
- Multi-tenancy: Give customers their own container.
- Rapid deployment: Quick to spin up and shut down.

## Docker Containers vs VMs

Is a Docker container a kind of VM as well?

- Docker does not provide full-fledged VMs, but rather containers.
- Using Docker you can run instances of services/servers in a specific
  virtual environment.  
- For example, you can run a Docker container with Ruby on Rails on
  Ubuntu Linux.

## Docker Vagrant Interop

Can Vagrant and Docker interoperate with each other?

- You can host Docker containers on Vagrant VMs.
- Conversely, you can host Vagrant on top of a Docker container. 

## Docker vs Vagrant Difference

What is the difference between Docker and Vagrant?

- Docker uses images and containers to build your application as an image. 
- An image contains the application, its setup environment, and other dependencies.
- However, it is not a machine. 
- A container is a process that runs in the background, and manages images.
- You can run many images in one container.
- You can run many containers on one machine.

Another way to see the difference:

- Vagrant manages virtual machines.
- Docker manages application runtimes.
- Primitives in Docker are processes, log streams, environment
  variables and network links between components.
- Primitives in Vagrant are machines, block devices, and ssh keys.
- Vagrant sits lower in the stack, closer to the hardware.
- Docker sits higher on the stack, closer to the application.
- Vagrant is for managing machines.
- Docker is for building and running application environments.

## Comparing Docker vs Vagrant

### Memory

<details><summary>
Which one will consume less memory?
</summary>
- Containers are more memory efficient.<br>
- Containers do not have to contain a full copy of the OS.<br>
- VMs have to contain a full copy of the OS.<br>
</details>

### Startup Time

<details><summary>
Which one starts faster? 
</summary>
- Containers start faster.<br>
- There is less to do at startup in a container.<br>
- In a VM you are booting up an OS from scratch.<br>
</details>

### Speed

<details><summary>
Which one runs faster?
</summary>
- Docker and containers run faster.<br>
- Vagrant virtualizes the hardware.<br>
- Docker virtualizes the OS services, e.g. the file system.<br>
- Docker does not emulate any hardware. It uses the hardware directly.<br>
- It does not waste cycles pretending to be hardware.<br>
- VMs virtualize hardware. Containers virtualize services.<br>
- Docker is faster because it has less overhead.<br>
- Vagrant has more overhead performance-wise but it gives you more isolation.<br>
</details>

### Security

<details><summary>
Which one is more secure?
</summary>
- Containers will be less secure.<br>
- This is because they are less isolated than VMs.<br>
- VMs have a smaller attack surface.<br>
- It is like living in a separate house vs living in a hotel room.<br>
</details>
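
How much less isolated a container is depends heavily on how it was started. The script below is an added example, not part of Docker: it reads objects in the shape of `docker inspect` output and flags the settings that remove isolation. The sample JSON, container names, finding ids and the choice of capabilities in `RISKY_CAPS` are constructed for illustration.

```python
# Added example: flag `docker inspect` settings that weaken container isolation.
import json

RISKY_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}

# Constructed sample shaped like `docker inspect` output; names are made up.
SAMPLE = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "CapAdd": null},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
               "Destination": "/data", "RW": true}]},
  {"Name": "/ci-runner",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                  "CapAdd": ["SYS_ADMIN"]},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock", "RW": true}]}
]
""")

def audit_container(info):
    """Return short finding ids for one container object."""
    host = info.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")            # all capabilities, host devices
    if host.get("PidMode") == "host":
        findings.append("host-pid-namespace")    # can see host processes
    if host.get("NetworkMode") == "host":
        findings.append("host-network")          # shares the host network stack
    for cap in host.get("CapAdd") or []:
        if cap.upper().replace("CAP_", "", 1) in RISKY_CAPS:
            findings.append("cap-" + cap.lower())
    for mount in info.get("Mounts") or []:
        if mount.get("Source", "").endswith("/docker.sock"):
            findings.append("docker-socket")     # daemon API reachable from inside
    user = ((info.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")
    return findings

def audit(containers):
    """Map container name to its findings, keeping only containers with any."""
    report = {c.get("Name", "?").lstrip("/"): audit_container(c) for c in containers}
    return {name: found for name, found in report.items() if found}
```

On a real host the input would be the parsed JSON of `docker inspect` for the running containers, passed to `audit()` in place of `SAMPLE`.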

## Container Downsides

<details><summary>
What are the disadvantages of containers?
</summary>
- They are less secure.<br>
- The applications have to be Linux based.<br>
- This is because Docker requires a Linux kernel or a simulation of one.<br>
</details>

Another way to phrase the difference:

- In virtualization, a whole new operating system is started on your localhost.
- New kernel, new ports, new filesystem, etc. 
- This makes it possible to emulate any OS such as Windows, Linux, Unix, etc.
- Containerization runs a small image of a system in the already running OS.


![](http://1.bp.blogspot.com/-bC9Gi0yLvv4/VQPhuceXdII/AAAAAAAAAvE/qQDvhQWE9BU/s1600/vm-vs-docker-table.png)

---
Summary
---
- Virtualization is a way of abstracting away hardware
- Docker is the most common architecture
- Docker is not perfect but will become increasingly better

![](images/yodawg.jpg)

[Can you run one virtual machine inside another?](http://superuser.com/questions/312433/can-you-run-one-virtual-machine-inside-another)
