Containerized Chaos
Applying Chaos Principles to Docker Containers
Chaos Engineering Meetup Hamburg · July 12th, 2016
Thilo-Alexander Ginkel · TG Byte Software GmbH
@thiloginkel · tg@tgbyte.de · www.tgbyte.de
About /me
About /me
Thilo-Alexander Ginkel
Freelance Software Engineer, Trainer and Consultant
Full-stack software engineer, but I especially like
Backend development
DevOps including Docker, Ansible, Puppet
<advertisement>Available for contract work</advertisement>
Poll
Poll
Who is using Docker?
In Production?
Who is applying Chaos Engineering principles?
In Production?
Agenda
Agenda
Docker Introduction
Chaos Engineering Recap
Pumba: Containerized Chaos
Demo
Q&A
Docker
Docker
Container-based virtualization
Docker Container vs. VM
VM
Hardware-based virtualization
OS-agnostic, i.e., most OSes are supported as guest
VM typically hosts a full-blown operating system
Docker Container
Technically, a mash-up of existing tech + a few novel parts
Containers share the host’s Linux kernel, i.e., no hypervisor
Mashup of existing technologies
Linux Kernel namespaces (isolation)
cgroups ("control groups"; resource isolation)
chroot (file system isolation)
UnionFS (file system overlay)
networking (iptables, bridge networks)
Plus a novel application packaging format (standardized by OCI)
Docker Container vs. VM
Terminology
Terminology
Image
Frozen file system snapshot
(Fine print: Immutable layered set of file system changes on top of a base image)
Container
A running instance of an image
Note: There can be many instances of the same image
Architecture
Architecture
Image credits: Docker, Inc. https://docs.docker.com/engine/understanding-docker/
Philosophy
Philosophy
"Build once, run anywhere"
Containers…
…consist of just what’s needed to run a given service
…are short-lived
…should be state-less
Immutable infrastructure / "cow vs. cattle"
State is kept in volumes
Docker Hands-On
Chaos Engineering
Chaos Engineering
Inject failures into (production) systems to continuously challenge resilient system design
Chaos Monkey: Randomly kills AWS instances (VMs)
But what about Docker containers?
Single host instance potentially hosts dozens of containers
But: Single containers can also fail on their own
(Ideally) being stateless: Perfect victims for chaos experiments
Can we simulate single container failures?
Of course! :-)
Pumba: Containerized Chaos
Pumba: Containerized Chaos
Who is Pumba(a)?
A character (warthog) from the Lion King ;-)
Name derived from Swahili: "to be foolish, silly, weakminded, careless, negligent" (Source: Wikipedia)
Pumba: Containerized Chaos
What is Pumba?
A chaos testing tool for docker containers
Open source on GitHub: https://github.com/gaia-adm/pumba
Monitors containers on a docker host and periodically {terminates|kills|removes} a victim
Optionally reports to Slack
Shipped as a Docker image
Pumba: Containerized Chaos
What about clustered environments?
Just run pumba as a service on each node
As it turned out, well-suited for stress-testing the new Docker 1.12 swarm mode: https://github.com/docker/docker/issues/24486
Demo Time
Wrap-Up
Wrap-Up
A Dockerized environment provides the perfect foundation for running Chaos Experiments
Pumba can be a valuable addition to existing chaos testing tools (such as Chaos Monkey) for inducing single container failures throughout the system landscape
Questions?
Thank you!
@thiloginkel · tg@tgbyte.de
Docker Consulting & Training
Find these slides at:
https://www.tgbyte.de/talks/containerized-chaos-hh
Image Credits
"Containerschiff Hyundai Ambition verlässt Hamburg im November 2013" by Buonasera - CC BY-SA 3.0
"Light chaos" by Kevin Dooley - CC BY 2.0
"Common Warthog (Phacochoerus africanus) big male" by Bernard DUPONT - CC BY-SA 2.0
"A backlit laptop computer keyboard" - © User:Colin / Wikimedia Commons / CC-BY-SA-4.0
