点融网的技术选型与演进万林涛/TonyWanDirectorofInfraServices--以Docker在点融的应用为例2AboutmeEMCLabsChina(2007.07~2014.01)•Virtualization,cloudcomputing,distributedsystems•Co-author:《大数据--战略̂·技术·实践》点融网(2014.01~Now)•DirectorofInfraServices•Dockerizedianrong.com•PrivatecloudwithDocker3Agenda•WhyDocker•HowweuseDocker•CloudwithDocker•Findings•Q&A4RoadmapofDocker@DianrongAdoptDockerAdvancedDockerCloudwithDocker2014/06Docker1.0released2015CI/CDwithDockerClusterMgmtwithk8s/mesos2016Docker-basedCloudWhyDocker?www.dianrong.com6BackgroundMigratetoIDCfrompubliccloud(@2014)•Pre-dockerEra•VMorContainerTheproblem•Envforlegacyappserver7Requirements•Resourcesharing–hardwareconsolidation•Simplifyconfigration•On-demanddeployment•Security8VMvsDockerOScgroups,namespace,capabilities,etc.LibrariesAppsLibrariesAppsLibrariesAppsHostOS/HypervisorGuestOSLibrariesAppsGuestOSLibrariesAppsGuestOSLibrariesApps•Lightweight•Sharingmore•OS/lib/binHowweuseDockerwww.dianrong.com10WhatisDockerizedFirewallLB1LB2----------------------------------------------------------------------------------------------------------------------------------------…FrontendAppsOtherComponents(redis,mongodb,etc.)BackendAppsDatabases11CI/CDdevelopreleasemasterGitServerdianrong.com/app:rt67dianrong.com/app:latestdianrong.com/app:prodDevelopBuildShipRunJenkinsDockerRegistryBuildJob#1BuildJob#2BuildJob#3QAEnvDevelopEnvStageEnvRuntimes12RoadtoCI/CDwarimagedemo/stageprod13StrategyNetwork•Bridge•Nomulti-hostnetworkingwithoverlayStorage•RawdevicesLogging•CentralloggingserverAvailability–Businesscontinuity•ServiceinterruptionacrossupgradesofDockerdaemon•App/servicewithHAdesign14Strategy–Cont’All-in-oneorRuntime-onlyimage•Updateimageforeachrelease•OnlyupdatecodewhiletheimageremainsthesameEnvvariablesorZookeeper•Configurationmanagement•WhynotetcdDockerfile:devorops•WhotakesownershipofDockfiles•DockerimageasdeliverablesSecurity•Management&accesscontrol•http://drops.wooyun.org/papers/15892CloudwithDockerwww.dianrong.com16AlternativesolutionsKubernetes/Mesos…•Appcluster?•Keepitsimplewhenyoucan,nottrytomessitupwithFANCYarch/techOpenStack•Tooheavyforus•Capacitytosupport/maintain/customizeRe-inventthewheel17High-levelArchitectureCMDBdrCloudITILSecurityCenter18High-levelArchitecture–Cont’CMDBDockerMonitorMessageBusDockerClusterManagerCloudDashboardDockerDaemonAPIDockerRegistryJenkinsAgentGitServerFindingswww.dianrong.com20KeyfactorstoadecisionBusinessrequirementsCostTechMaturityCapacityofTeamIndustryTrendPersonalpreference?Q&Awww.dianrong.com我们正在用技术改变金融行业www.dianrong.com
