For volunteers, yeah, so everybody who wanted could just sign up and be a session or just, you know, help with stuff. Yeah, so it was for everyone right ahead, but, you know, we are the most sociable one. It's car. I think I can help. No.

Guys, a few announcements: please don't forget to close the door gently when you enter the room, it really disturbs the speakers. And this room is packed for every talk, so please shift if you have any space to the left or to the right. Please shift and make space so it's easier for other people to find seats. All right. And feel free to tweet and blog about this event. You can also leave feedback for every session on our official website. Thank you very much.

Okay, so please sit down. The next speaker is Vasek Pavlin.

Good afternoon everybody, already afternoon, it seems. I'm sorry for getting you out of lunch. You can go after this talk, obviously. So I will be speaking about Nulecule. You have heard about Atomic App, Nulecule, ADB in the previous presentations. It's all about containers, right? So my name is Vasek Pavlin. I work for Red Hat as a platform architect, and I've been playing with containers for more than two years now, and it's still fun, because there is still some change that I can investigate. So I don't want to go into details about how containers work, because you already heard it a lot. So let's take a look at container packaging.

So, as I said, no, we are not going to explain Docker again. And I guess that you all tried to run some containers, whether it was Docker or it was LXC or whatever. So I guess you have the basic information. What is great about containers is the portability. You will just pull some image to your Fedora box and it will be a CentOS image.
So we'll run it. That's awesome, like, you can build on top of basically any system and run it on any system, any Linux system. The image itself is pretty simple, because it's just a root file system and some metadata. In the case of Docker, it's the tarball and some JSON which tells you what the container is, what its name is, what its hash is, what user it should run as, and stuff like that.

The problem, if you look at the traditional packaging: it's all about dependencies, right? But containers have great packaging, you can put all this metadata in it, but there are no dependencies. Every container is a standalone unit, every image is a standalone unit. You cannot link images together. You can link containers with Docker, somehow connect them, do some routes, but generally you cannot link images together. So we could put something like this into labels and say, hey, this WordPress image requires a MariaDB image. But which MariaDB image? How to run that image? So it's not that easy.

The problem of containers and images, of Docker images, is that everybody repackages. So this is a screenshot from October last year, and it was 454 images at Docker Hub of MariaDB. If you put MariaDB in a search, it gave you a number like this. And this is from today: the number is 589. In a few months we added like 130 images with MariaDB. How is it possible that everybody needs a different image for MariaDB? It's still the same database. Maybe some versions, right? Maybe some configuration, but that's a runtime thing. So how can we need so many images? Because it's fun to start from scratch and learn something. And there is no documentation, so you have no idea how to run the thing, and if there is documentation, it's pretty long and it's hard to read and you don't want to read it, right?
So these are images and containers, but then there are multi-container applications. Like, you can see that there is some nice application, and if you need more power, you will just few containers to your engine space, right? And we'll just go faster. Let's say that multi-container applications are two-plus containers. And what you want from that is you want to operate them as a single unit. You don't want to run every single container and check if it's alive, if it's healthy; you want to operate it as a single unit. And you want to reuse existing components, because you don't want to be here and you don't want to repackage everything again.

So how does it work? What does it mean to operate an application as a single unit? So let's say I want to deploy my GitLab somewhere. With containers, it's like a GitLab container, PostgreSQL, and Redis, which will have Redis master and Redis slave, which can be and mostly is the same image but has different runtime parameters. So this is the graph that will basically appear when you try to run it, for example in Kubernetes. And I want to do this: I want to do atomic run, for example, GitLab. And I want to then do atomic stop GitLab, or restart, or whatever.

And the reusability. So as I said, there is a lot of content, a lot of images that serve the same purpose.
They are a bit different. But if I'm creating an application, what I want to do is to say, hey, here is my directory with my application, with my Docker images for my application, and I want to add a new dependency, and that dependency will be a PostgreSQL server and Redis, like in the GitLab example. And then in the directory, for example, or somewhere else, I want to just do atomic run my app and it will start all the dependencies, all the containers. And I want to have a library of these so that I don't have to search for them somehow weirdly. I just want to know here's the place that I can use all the images, and I will know that they are maintained and they will behave well.

So this is the multi-container application, and then you go where to deploy it. So you have orchestrations. Right now with orchestrations you have a lot of choices. With OpenShift, it's built on Kubernetes, but you can use Kubernetes directly. There is Terraform, Mesos, Compose, many, many. There is no winner yet. We at Red Hat like Kubernetes; that's why OpenShift uses it. So we hope that will be the winner. But generally there is no winner yet, and still everyone tries to figure out the best format for how to deploy the application.

And if you want to deploy the application right now, the best user experience you can get is a very, very long README. And that README will tell you: do this, and then start this container, then change this configuration, and then do something else. And if you go through all these 20, 25 steps and all goes well, your application is running. But every single orchestration has its own format for metadata, and these are separated from the images, from the actual applications. So how do you distribute them?
So you probably do curl some file, some YAML file, and you will kubectl that file and it will start up some containers. But you have no idea what is in that; you have to investigate more, you have to read it, you have to change some values, and then you maybe have an application. The problem is, how do you distribute it in another way? It's plain text. So how do you distribute it? You will have a git repo, you will send it through mail. That's not very useful. That's why containers are now popular, because Docker created a good distribution method for containers.

And another problem, or another scope of containers, is that there are multiple environments that you want to deploy to. So you can have a very enterprisey environment where everything fits together, and then you can have something like this, which is my development machine. Everything is messed up, everything is halfway done. Maybe it works, sometimes it doesn't, even when there is no reason why it shouldn't work. But generally you have many different environments where you want to deploy. And you can have various workflows, like here, where you have development to test to staging to beta to production. And then you might have something like this, where you skip staging and beta. How do you describe the application that needs to go through all these stages, and how do you change parameters? Because you have to change parameters. Like here, from the fabricated Kubernetes example, where they say, hey, here's some random value and you need to change it to make your application work. Which, if you have the 20 pages of README and then it contains things like this, you probably screw something up and your application will not start and you will be completely pissed off with containers.

And then Nulecule comes. So what is Nulecule? It's just a specification. It's just a document. So why do I need
a new specification for these, if all the various orchestrations already specify something? I will get to that. It's independent of the container engine, so it doesn't tell you that you have to use Docker or nspawn or LXC. It just describes your application. It describes the graph for your application. So, as I showed the graph for GitLab, you can describe that you have a GitLab application and it depends on Postgres and then depends on Redis, and the Redis component then contains two other applications, basically two other components, that is master and slave.

And you can parametrize. So here is the snippet from some Nulecule file, and it says that there are two parameters, image and host port. It has some description, and it can have some default values. So if you want to just try it, you just deploy the application and it will use the default values. If you want to change it, you can, and you can restrict the parameters, because you want to be sure that the port is a number, for example. And they are then basically substituted in the artifacts, like YAML files for Kubernetes, with simple variables, dollar-sign variable replacement.

And then there are answer files. So you have these YAML files that are marked with the variables, and you want to provide the values to the application. So this is the answer file for the application that I showed. And here is the image that uses CentOS httpd. For some reason, for your new version of the application, you want to use Fedora and you want to change the port. So you will just change it, and when you deploy this application, it will be taken into account and it will be used, and the parameters will be changed according to this file.

And another thing is that, as I said, there are many orchestrators; we call them providers in Nulecule. And these basically are, if you implement the specification, the plugins that will then deploy your application to a specific orchestration. So right now there is an implementation, Atomic App.
I will get to that, and it supports Kubernetes, Docker, OpenShift and Mesos Marathon. Yeah. So you can specify basically as many orchestrations as you want. You will provide the configuration for a specific orchestration. You can make them inherit the configuration if it's common for multiple orchestrations. And these will be used and parameterized to deploy your application. Yeah, I already explained this.

The specification is basically: if you want to create your application, you just write a YAML, another YAML file. And this YAML file is very open, so you can add more information and you can probably create some other use cases out of it. So you can add metadata, you can add some other pieces like how to build the images and stuff like that. So it's easy to extend, and your tooling can use it for various different things. And this is how to contribute to the specification. It's on GitHub, there is an IRC channel, and there is a mailing list. So if you want to contribute, you can, quite easily.

And then there is the implementation of the specification, because if you have just a YAML file and you don't have anything that can work with it, you are kind of screwed. So you need some tool that will take the application definition and deploy it and run it. So it's basically Atomic App. It's a Nulecule app installer. It runs in a container, and it has provider plugins; as I said, you can deploy to various orchestrations. And there is a single command, as I showed before: atomic run something will let you run the application basically with a single command. It's based on Docker, so we use Docker as a packaging format, basically, and as a runtime for the Atomic App. So it's not the only way to do it, but it's the easiest right now. It resolves dependencies. As I said, the problem of containers is that you cannot resolve dependencies easily.
So it basically takes the Nulecule specification, goes through the graph, pulls all the needed components, where the component is basically another Nulecule application, puts it all together, and deploys it to an orchestrator. There's a few steps, like fetch, it will download all the things; then you can install, which will construct them; and run. Provider plugins initially, they shelled out to commands that you would be using if you want to deploy Docker containers or Kubernetes pods. Right now it has all been re-implemented, so it uses the API directly, which is much better, because you don't have the version clashes of the Docker client in an image and the Docker server on the host, and various crazy things that can happen.

And as I said, it's packaged in a container. So you basically deploy your containerized application from a container. So we need more layers, right, like an onion or Shrek or something. There are a bunch of Dockerfiles which base the Atomic App on various OSes or distributions. And as I said, it's a self-execution container. So if you want to run an application, first you can just use Atomic App to see what it does by looking at help, just by running this image. Then, if you build on top of it, you will just use it as a base image for your application, which contains the artifacts, the YAML files for orchestrators, and the Nulecule file. And if you then run it, it will automatically find the content and deploy it, basically like this.

With atomic you can use labels. So this is the run label. I think it has changed since I created this slide, but it will be very similar. So you basically run the container; it knows that there is a directory slash atomic app, and it will look at the directory and will start the deployment. So instead of you having to come up with some way or installing some tooling,
you will just pull the container and do atomic run. And again, it's the same as for Nulecule: it's on GitHub, it has a mailing list, container tools, which is a team that is working on that, and it has an IRC channel, or it shares an IRC channel with Nulecule.

Then there is another thing, and that's called ADB, Atomic Developer Bundle. Development Bundle, sure. And it's basically a toolbox. You have heard about it from Colin earlier, and it's a great thing, because if you want to develop a containerized application, the biggest problem I always have when I start is that I need to deploy Kubernetes or OpenShift or something somewhere so that I can test my application. So this tool, or this project, allows you to run these various orchestrations easily in a Vagrant box. So what you can do is just download a Vagrantfile or git clone the repository, do vagrant up, SSH in, and you have running Kubernetes. You can download a different Vagrantfile, SSH in, and you have running OpenShift v3 Origin. And it works. I've tested it last week. It's absolutely perfect. There is a lot of documentation based on ADB; it suggests how to use it, how to create the containerized applications, and allows you to easily use the Vagrantfiles, because there is how to install Vagrant and all these things that you need to start.

So basically, what was the purpose of this talk, to summarize it?
I wrote it down on my blog. Four things that Nulecule tries to solve.

Parameterization: if you need to take your application and move it somewhere else, you will have to change some parameters, some environment variables in containers and all these things. So this is what Nulecule will help you with, if you can define the parameters for the application, and the user of the application will be able to easily change these parameters.

Reusability: if you take a bunch of containers and you don't know what they are and how to use them, you cannot use them, basically. So Nulecule adds a layer on top of those and lets you define how to use the container easily, and then basically create a library or something that will serve you as the components for new applications.

It lets you take care of multiple orchestrations at once. So you don't have to have various git repos for Kubernetes and OpenShift and Marathon. You can package it all into a single image; when you run it, it will deploy to a given provider.

And it solves the distribution of these artifacts. So if you want to distribute the YAML files, you can do that as git, but it's not always convenient; you want to do it in a single way. So if you distribute your application as Docker containers, you probably want to distribute your configuration for orchestrations as a Docker container too.

So what should you do now? You should probably read about it more. It's all under Project Atomic. So if you go to projectatomic.io, you will see a lot of fancy demos there, blog posts, and things like that. You should play with that.
So you just do vagrant up with the Vagrantfile that I have a link to in my slides too, and you can try it. And you probably should contribute, because you have the experience with deploying and developing containerized applications, so you might have a word in how it should be done here. And what you should do, not right now, but basically, not after the talk, but this afternoon, sorry: Tomas Kral is having a workshop, how to use Nulecule and Atomic App, and he will tell you how to package all the stuff into Nulecules and how to use that and how it all works.

I wanted to show you a demo, but my Vagrant box failed and I was not able to download all the images again on the connection here. So I'm sorry, I cannot give you a demo of Atomic App and Nulecule. And that's it. The only thing that I can demo is basically the Vagrant box. So I have a Vagrantfile here that is downloaded from the ADB GitHub repository, and you can see that there is some shell script; what it does is that it starts and sets up Kubernetes. It's not very hard to do, so we can try to start it and see if it all works.

And I wanted to show that Kubernetes is one thing, but then there is OpenShift, and to start OpenShift, it's not that easy. Like, to start it, it's very easy, but to set it up properly is not that easy. But these guys, the container tools team, make it very easy for you. So with a single command you can run OpenShift and deploy S2I images and all those things. And there is also Marathon, which is deployed through Ansible in the Vagrant box.
So I think that's pretty cool. And here we go. It started. So if I just log in, kubectl get nodes, so I will see that my local Kubernetes node is running, and I can see that I actually tried to start it, but it failed because it couldn't download images. So maybe you will see that at Tomas's presentation, workshop. It will probably work for him better than for me.

Okay, so if there are any questions, I'd be happy to answer them. Yes, Colin?

Yeah, that's a good question. So, what is the status of other providers, and if there is any feedback on using other providers. I'm not entirely sure, because I wasn't following the issues lately. So the status is that it should all work. And OpenShift is a very good example: you can deploy to Kubernetes, you can deploy to OpenShift at the same time, but if you want to add more to that, you need some other files that wouldn't be useful for Kubernetes. That's why, at that moment, you need two different ways to deploy things. Then there is the Docker provider, which is basically for testing, because if you don't have your YAML files for Kubernetes yet, you want to try it with Docker, if your application will go up and, if you link it together, if it works. And then there is a Mesos provider that Tomas wrote. I haven't tried that. I have no idea. I haven't tried Mesos at all. So I don't know, but I guess it works. I don't know if you have any feedback for these providers.

Yeah, so Kubernetes and OpenShift are the most used providers. And I know that there is integration with OpenShift already. So if you do oc new-app and provide a Nulecule to it, it will start. You don't have to use the Atomic App.
You can use the oc command, the OpenShift command, to start the application, to create the application inside OpenShift directly. So there is work in progress on this integration, but I think it works right now pretty well.

So basically the question is if we can use Nulecule to modularize Fedora. Basically, using containers to modularize Fedora is one of the approaches that people are looking at. So creating these containers in a way that they can be reused is a goal for that. So you cannot just ask every user to build their own containers and create them, so you would need some way to describe the containers so that they can run easily on Fedora. I know there was some work on rolekit, if you heard about this project; it basically lets you set your machine to some role. So, for example, domain name server, not domain server, IPA server, the web server, various roles. And there was some work going on to integrate Nulecule in it, so that you can either deploy natively as RPM packages and some setup, or you can deploy in containers via Nulecule. So this is one thing that we are looking into, and it might be a good case for how to containerize Fedora more and how to modularize it more.

I don't want to... It's Nulecule. If you want, I can probably go back to the first slide so that you can see it written. It's taken from The Simpsons. It's "When the nulecule leaves its nest", that's where it all starts, for atoms and things like that.

About what? Huh?
Okay. Yes. So it uses Docker containers, so any Docker registry is basically a registry for Nulecules. The only thing that is missing is some kind of metadata service for the registry that will let you search through these without having to specify a specific tag. So right now you have to tag your image, and that's the only way to search in Docker registries. So if you want to use more metadata, I will have to have some metadata service. I did some proof of concept that basically lets you list all the Nulecules in some library. It was based on git and registry. There are plans for some kind of index and Nulecule registry in CentOS, as far as I know, and it is possible, though I don't think that anybody put a lot of effort in that right now. So the distribution part uses the normal Docker registry. If you want to list it and go through it and see some details, you would have to implement something on top of it that would analyze the files and put them in some database or something.

Okay, anything else? Yes?

About what? Security patching. So, sorry, the question is what I think about security patching of containers. I think it's needed, though I don't think that Nulecule will basically help you with that, because what you probably want to do is to take a look at the host, see what containers are there, and see if those are the latest version that you need to use to be secure. So if you already deployed your application, you can get some kind of notification that there are outdated containers. I think there is some work going on around this in Project Atomic as well.
So atomic status or something will give you the idea, but I don't think that we can somehow help it here. Like, you can say we can add some versioning, or more specific versioning, to the YAML files, to Nulecule files, but it would require other tooling to basically restart the containers and redeploy the application with the latest containers. Right.

So the question is whether we only use a tag for dependencies or if we can use something like "I require a database and I don't care which one it is". That's a good question. Right now the dependencies can be only specified by the tag, basically by a link to another Nulecule component. But I think we already talked about how we could do that. But that thing would require the metadata service, there was the question before if we can have some registry for Nulecules, because if you cannot investigate the metadata of the application, you cannot then say, okay, this provides a database. So first we would have to have the library, the real library and metadata server, that would provide this information, and then we can do something like this. But it would be a great use case to have this.

Okay, I don't think there are any more questions. So thank you a lot. Sorry for a short talk.