Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and Tibor Vass, Docker

Docker 1,495 views 46 slides May 04, 2017
Slide 1
Slide 1 of 46
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21
Slide 22
22
Slide 23
23
Slide 24
24
Slide 25
25
Slide 26
26
Slide 27
27
Slide 28
28
Slide 29
29
Slide 30
30
Slide 31
31
Slide 32
32
Slide 33
33
Slide 34
34
Slide 35
35
Slide 36
36
Slide 37
37
Slide 38
38
Slide 39
39
Slide 40
40
Slide 41
41
Slide 42
42
Slide 43
43
Slide 44
44
Slide 45
45
Slide 46
46

About This Presentation

At Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a sing...

Size: 2.31 MB
Language: en
Added: May 04, 2017
Slides: 46 pages

Slide Content

Plugins: Build, Store, and
Run



Nandhini Santhanam


Tibor Vass

Engineering Manager, Docker Software Engineer, Docker

-Why plugins?
Extend Docker functionalities

-Batteries included but swappable
Introduction

Volume
Your Node
Container

Your Node
Volume (Could be Block
Store, Hardware, or
something else)
Container
Volume Plugin

-Plugins are first class citizens
(starting Docker 17.03)

-Authorization, Volume, Network,
IPAM, Logging
Introduction

Running an
sshfs volume
plugin

SSHFS (SSH Filesystem) is a filesystem client
to mount and interact with directories and
files located on a remote server or
workstation over a normal ssh connection
What is sshfs?
https://en.wikipedia.org/wiki/SSHFS

SSHFS Source code:
https://github.com/libfuse/sshfs

vieux/sshfs volume plugin:
https://github.com/vieux/docker-volume-sshfs



Running a volume plugin

DEMO: Running a volume plugin

$ ssh user@host
# cd /some/path && echo austin > dockercon && exit
Prepare directory on ssh host

Prepare directory on ssh host
$ docker plugin help

Usage:docker plugin COMMAND

Manage plugins

Options:
--help Print usage

Commands:
create Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json
disable Disable a plugin
enable Enable a plugin
inspect Display detailed information on one or more plugins
install Install a plugin
ls List plugins
push Push a plugin to a registry
rm Remove one or more plugins
set Change settings for a plugin
upgrade Upgrade an existing plugin

Run 'docker plugin COMMAND --help' for more information on a command.

$ docker plugin install vieux/sshfs
Plugin "vieux/sshfs" is requesting the following privileges:
- network: [host]
- mount: [/var/lib/docker/plugins/]
- device: [/dev/fuse]
- capabilities: [CAP_SYS_ADMIN]
Do you grant the above permissions? [y/N]






Install vieux/sshfs

Install vieux/sshfs
$ docker plugin install vieux/sshfs
Plugin "vieux/sshfs" is requesting the following privileges:
- network: [host]
- mount: [/var/lib/docker/plugins/]
- device: [/dev/fuse]
- capabilities: [CAP_SYS_ADMIN]
Do you grant the above permissions? [y/N] y
latest: Pulling from vieux/sshfs
b2bcc48d3424: Download complete
Digest:
sha256:151e6d386ab93a4d9f8ec0befd6c43485fe9e1151fd9784493b147ca621d3d5d
Status: Downloaded newer image for vieux/sshfs:latest
Installed plugin vieux/sshfs

Use vieux/sshfs plugin
$ docker plugin ls
ID NAME DESCRIPTION ENABLED
dfe9270de30a vieux/sshfs:latest sshFS plugin for Docker true
$ docker volume create -d vieux/sshfs -o sshcmd=user@host:/some/path -o
password=”$password” -o port=”$port” mysshvolume
$ docker run -it --rm -v mysshvolume:/remote busybox sh
/ # cat /remote/dockercon
austin

-docker plugin install vieux/sshfs

-review permissions

-docker volume create --driver vieux/sshfs [-o …] myvolume

-docker run -v myvolume:/remote busybox
Recap: Running a volume plugin

Debugging a plugin

DEMO: Debugging a plugin

Misuse the plugin
$ docker volume create -d vieux/sshfs -o sshcmd=user@host:/some/path -o
password=”$badpassword” -o port=”$port” mysshvolume
$ docker run -it --rm -v mysshvolume:/remote busybox sh
docker: Error response from daemon: error while mounting volume
'/var/lib/docker/plugins/cd540062f8b7e667d0e94cef262ff72ce10264fb0dea6c53393b1
8c840fc7a8e/rootfs': VolumeDriver.Mount: exit status 1.

Check the daemon logs
$ tail -f /var/log/docker.log | grep plugin=
Apr 6 23:29:10 moby root: time="2017-04-06T23:29:10Z" level=info msg="read:
Connection reset by peer "
plugin=3fd525f16cb675325cf99a49455ab05e60d1da53d8b9689c69ea6c7f8619ef17
Apr 6 23:29:10 moby root: time="2017-04-06T23:29:10Z" level=info
plugin=3fd525f16cb675325cf99a49455ab05e60d1da53d8b9689c69ea6c7f8619ef17
Apr 6 23:29:10 moby root: time="2017-04-06T23:29:10Z" level=info msg="exit
status 1"
plugin=3fd525f16cb675325cf99a49455ab05e60d1da53d8b9689c69ea6c7f8619ef17

$ docker volume rm mysshvolume
$ docker plugin disable vieux/sshfs
$ docker plugin set vieux/sshfs DEBUG=1
$ docker plugin enable vieux/sshfs
$ docker volume create -d vieux/sshfs -o sshcmd=user@host:/some/path -o
password=”$badpassword” -o port=”$port” mysshvolume
The DEBUG setting is NOT generic to all plugins, it is defined by this vieux/sshfs
plugin (more on this later).
Modify plugin settings

$ docker plugin ls --no-trunc
ID NAME
DESCRIPTION ENABLED
9fef4eb6fa883d44e9c1c2901fb598f39f67d50bcc0e1653b4f393807fb80558
vieux/sshfs:latest sshFS plugin for Docker true
$ docker-runc exec -t
9fef4eb6fa883d44e9c1c2901fb598f39f67d50bcc0e1653b4f393807fb80558 sh
/ # echo hi from plugin container

Pro Tip: Access plugin container

-grep plugin=$pluginID docker.log

-if plugin allows it, set higher verbosity with
docker plugin set

-docker-runc exec -t $pluginID sh
Recap: Debugging a plugin

Building a plugin

What constitutes a plugin?
-Rootfs of plugin container

-JSON description defining what interface it
implements, what permissions it needs

-Reference:
https://docs.docker.com/engine/extend/config

-Docker bind-mounts the host’s
/run/docker/plugins/$pluginID into the container’s
/run/docker/plugins

-Each plugin has to listen on a socket inside
/run/docker/plugins

$ ls /run/docker/plugins/*/
sshfs.sock
How does it work?

Plugins serve via the socket, an HTTP+JSON API
specified in the documentation for each plugin type.

Authorization:
https://docs.docker.com/engine/extend/plugins_authorization
Volume:
https://docs.docker.com/engine/extend/plugins_volume/
Network:
https://docs.docker.com/engine/extend/plugins_network/
IPAM:
https://github.com/docker/libnetwork/blob/master/docs/ipam.md
How does it work?

Pro Tip: Use helper package
Go helper package:
https://github.com/docker/go-plugins-helpers

For volume plugins:
https://godoc.org/github.com/docker/go-plugins-help
ers/volume

Demo: building vieux/sshfs

$ git clone https://github.com/vieux/docker-volume-sshfs
$ cd docker-volume-sshfs
$ ls
Dockerfile LICENSE README.md main.go
Dockerfile.dev Makefileconfig.json vendor
$ vim main.go
Demo: building vieux/sshfs

Demo: building vieux/sshfs
Config.json defines:
-Type of functionality the plugin provides docker.volumedriver/1.0 in addition
to the name of the socket sshfs.sock.
-entrypoint to the binary
-a DEBUG environment variable that’s settable by the user
-Access to device /dev/fuse
-Linux capability CAP_SYS_ADMIN to be able to mount FUSE from the container
-Host networking to access the remote host
-Bind mount to store state outside the plugin
-Last but not least, PropagatedMount: the path inside the container that needs
to be propagated back into docker’s mount namespace

Demo: building vieux/sshfs
Build the sshfs image and extract rootfs
$ docker build -t sshfs .
$ docker container create --name tmp sshfs
$ mkdir -p ./plugin/rootfs
$ docker container export tmp | tar -x -C ./plugin/rootfs
Add plugin config
$ cp config.json ./plugin/
$ ls ./plugin
config.json rootfs/

Demo: building vieux/sshfs
Create plugin

$ docker plugin create tiborvass/sshfs ./plugin
$ docker plugin ls
ID NAME DESCRIPTION ENABLED
f207db14aa5b vieux/sshfs:latest sshFS plugin for Docker true
3fd525f16cb6 tiborvass/sshfs:latest sshFS plugin for Docker false

-implement plugin HTTP+JSON API corresponding to the
desired plugin type

-containerize plugin + export rootfs
-write config.json for plugin

-docker plugin create tiborvass/sshfs ./plugin
where ./plugin contains:
-config.json
-rootfs/
Recap: Building a plugin

-docker plugin push tiborvass/sshfs

-Collaborate

-View plugin scans



Collaborate on your plugin

-private plugins
-community plugins
-store plugins



Distribute Plugins

Publishers
-Certification Program


Plugins on Docker Store

Questions?
[email protected]

Documentation:
success.docker.com/store

docs.docker.com
store.docker.com
github.com/moby/moby
@docker
#dockercon
Thank you!
Tags
dockercon 2017 dockercon dockercon2017
Categories
Business Design
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 1,495
  • Slides 46
  • Favorites 3
  • Age 3134 days
Related Slideshows
DTI BPI Pivot Small Business - BUSINESS START UP PLAN 1
DTI BPI Pivot Small Business - BUSINESS START UP PLAN
MeljunCortes
28 views
CATHOLIC EDUCATIONAL Corporate Responsibilities 1
CATHOLIC EDUCATIONAL Corporate Responsibilities
MeljunCortes
30 views
Karin Schaupp – Evocation; lançamento: 2000 11
Karin Schaupp – Evocation; lançamento: 2000
alfeuRIO
28 views
Pillars of Biblical Oneness in the Book of Acts 10
Pillars of Biblical Oneness in the Book of Acts
JanParon
26 views
7-10. STP + Branding and Product & Services Strategies.pptx 31
7-10. STP + Branding and Product & Services Strategies.pptx
itsyash298
27 views
Business Legislation PPT - UNIT 1 jimllpkggg 44
Business Legislation PPT - UNIT 1 jimllpkggg
slogeshk98
30 views
View More in This Category