fix-redirects.sh: adding forced redirect

ARG can be placed even before!

prepare-vms/Dockerfile

@@ -8,23 +8,47 @@ RUN apt-get update && apt-get install -y \
     groff \
     jq \
     less \
+    locales \
     man \
     pssh \
     python \
+    python3 \
     python-docutils \
     python-pip \
+    python3-pip \
     ssh \
+    unzip \
     wkhtmltopdf \
     xvfb \
     --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
-RUN pip install \
+# Set the locale
+RUN sed -i -e 's/# en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/' /etc/locale.gen && \
+    dpkg-reconfigure --frontend=noninteractive locales && \
+    update-locale LANG=en_GB.UTF-8
+
+ENV LANG en_GB.UTF-8
+ENV LC_ALL en_GB.UTF-8
+
+ARG TERRAFORM_VERSION=0.11.13
+RUN curl -s https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+    -o terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+ && unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+ && mv terraform /usr/local/bin \
+ && rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip
+
+
+RUN pip install -U \
     awscli \
     jinja2 \
     pdfkit \
     PyYAML \
-    termcolor
+    termcolor \
+ && pip3 install -U \
+    jinja2 \
+    pdfkit \
+    PyYAML
 
 RUN mv $(which wkhtmltopdf) $(which wkhtmltopdf).real
 COPY lib/wkhtmltopdf /usr/local/bin/wkhtmltopdf

prepare-vms/docker-compose.yml

@@ -7,6 +7,8 @@ services:
         working_dir: /root/prepare-vms
         volumes:
             - $HOME/.aws/:/root/.aws/
+            - $HOME/.ssh/:/root/.ssh/
+            - $HOME/.config/openstack:/root/.config/openstack
             - $SSH_AUTH_SOCK:$SSH_AUTH_SOCK
             - $PWD/:/root/prepare-vms/
         environment:
@@ -16,4 +18,4 @@ services:
             AWS_DEFAULT_REGION: ${AWS_DEFAULT_REGION}
             AWS_INSTANCE_TYPE: ${AWS_INSTANCE_TYPE}
             USER: ${USER}
-        entrypoint: /root/prepare-vms/workshopctl
+#        entrypoint: /root/prepare-vms/workshopctl

prepare-vms/lib/commands.sh

@@ -264,6 +264,18 @@ EOF"
     sep "Done"
 }
 
+_cmd minikube "Install kind to optionnaly transform a docker machine in a small kube cluster"
+_cmd_minikube() {
+    TAG=$1
+    need_tag
+
+    pssh --timeout 200 "
+    sudo curl -L https://github.com/kubernetes/minikube/releases/download/v1.6.2/minikube-linux-amd64 -o /usr/local/bin/minikube
+    sudo chmod +x /usr/local/bin/minikube
+    sudo minikube config set vm-driver none
+    "
+}
+
 _cmd kubereset "Wipe out Kubernetes configuration on all nodes"
 _cmd_kubereset() {
     TAG=$1

prepare-vms/settings/fundamentals.yaml

@@ -27,4 +27,6 @@ compose_version: 1.24.1
 machine_version: 0.15.0
 
 # Password used to connect with the "docker user"
-docker_user_password: training
+docker_user_password: Unicaen
+
+url: https://intro-2019-12.container.training/

prepare-vms/terraform/machines.tf

@@ -1,5 +1,5 @@
 resource "openstack_compute_instance_v2" "machine" {
-  count           = "${var.count}" 
+  count           = "${var.count}"
   name            = "${format("%s-%04d", "${var.prefix}", count.index+1)}"
   image_name      = "Ubuntu 16.04.5 (Xenial Xerus)"
   flavor_name     = "${var.flavor}"

prepare-vms/terraform/provider.tf

@@ -1,13 +1,13 @@
 provider "openstack" {
-  user_name   = "${var.user}"
-  tenant_name = "${var.tenant}"
-  domain_name = "${var.domain}"
-  password    = "${var.password}"
-  auth_url    = "${var.auth_url}"
+  #  user_name   = "${var.user}"
+  #  tenant_name = "${var.tenant}"
+  #  domain_name = "${var.domain}"
+  #  password    = "${var.password}"
+  #  auth_url    = "${var.auth_url}"
 }
 
-variable "user" {}
-variable "tenant" {}
-variable "domain" {}
-variable "password" {}
-variable "auth_url" {}
+#variable "user" {}
+#variable "tenant" {}
+#variable "domain" {}
+#variable "password" {}
+#variable "auth_url" {}

slides/_redirects

@@ -2,6 +2,7 @@
 #/ /kube-halfday.yml.html 200
 #/ /kube-fullday.yml.html 200
 #/ /kube-twodays.yml.html 200
+/ /intro-fullday.yml.html 200!
 
 # And this allows to do "git clone https://container.training".
 /info/refs service=git-upload-pack https://github.com/jpetazzo/container.training/info/refs?service=git-upload-pack

slides/containers/Advanced_Dockerfiles.md

@@ -27,7 +27,9 @@ In this section, we will see more Dockerfile commands.
 * When there are no changes in the instructions and files making a layer,
   the builder re-uses the cached layer, without executing the instruction for that layer.
 
-* The `FROM` instruction MUST be the first non-comment instruction.
+* The `FROM` instruction ~~MUST~~ be the first non-comment instruction.
+
+ (Addendum: `ARG` can now be placed before a `FROM`)
 
 * Lines starting with `#` are treated as comments.
 

slides/containers/Init_systems.md

@@ -0,0 +1,79 @@
+# Init-systems and PID 1
+
+In this chapter, we will consider the role of PID 1 in the world of Docker,
+
+and how to avoid some common pitfalls due to the misuse of init-systems.
+
+---
+## Don't use init-systems
+
+- It's often tempting to use init-systems (*systemd*, *supervisord*)
+
+  and use docker as a "lightweight VM"
+
+- This often a bad idea, as it make things harder to debug:
+
+  - *example 1*: if you start a container changing it's entrypoint to a shell,
+
+      how to easily start the original process ?
+
+  - *example 2*: if you run multiple process, logs are mixed to stdout
+
+  - *example 3*: you're process is dying but you're init process is not
+
+      => the container is running for nothing
+
+---
+## Don't use init-systems, but ...
+
+- In UNIX, a dead child process still use a PID till it's parent read it's status
+
+- In the meantime of being read by it's parent,
+
+  those process are called `Zombie` or `defunct` process
+
+- If not being ripped off, zombie processes could crash a server (PID exhaution)
+
+- If the parent also dies before reading it's child container the zombie are attach to the PID 1 in some cases.
+
+- On a VM or real system, one of the role of the PID 1(Init-systems) is to rip zombies.
+
+  *This also apply to containers*
+
+---
+## Use an init
+
+- You're application is running as PID 1 in the docker container
+
+- You're application is surely not designed to read status of random attaching child
+
+- Then everything is blowing up due to PID exhaution
+
+  => Docker now has a built-in init you can enable `docker run --init`
+
+- This is a small init-system([tini](https://github.com/krallin/tini)) that takes the role of PID 1
+
+- Only rips zombies, completly transparent otherwise
+
+  (forwards signals, exit when child exit, etc).
+
+- Orchestrators like kubernetes has no option to turn `--init` when running container,
+
+  so you might want to add explicitly to you're docker image, and use it as entrypoint
+
+---
+## Use it or not ?
+
+- Sometimes it's also handy to run a full init-system like *systemd*:
+
+  - In CI when you're goal is exactly to test an init-script or a unit-file.
+
+- You might think, if it's ok for *systemd*, this is surely ok for *supervisord*
+
+  especially running multiple times the same process (then, mixed logs is not a big deal)
+
+  => I would strongly *NOT* recommand to do so.
+
+- It's often design to restart unhealthy process automatically
+
+  and thus masquerade things to the operator or to the orchestrator (whose role is identical)

slides/containers/Multi_Stage_Builds.md

@@ -311,5 +311,3 @@ virtually "free."
   (Instead of using multiple Dockerfiles, which could go out of sync)
 
 * Sometimes, we want to inspect a specific intermediary build stage.
-
-* Or, we want to describe multiple images using a single Dockerfile.

slides/images/kubernetes_pods.drawio

@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2019-12-06T15:04:22.728Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" etag="zsQLtxL9GRXJF3jcROIq" version="12.3.7" type="device" pages="1"><diagram id="hOpsmMj0j3CSse8MyRSQ" name="Page-1">3VhLU9swEP41nmkPzcR2EpIjCaHtUEo6HCi9dBRb2BoUy8hyHvz6rmzJD9mBQBJgmoMjrVcr6dtvVytb7mSx/spRHF4yH1PL6fpryz2zHMcZ9Rz4k5JNLrFtd5RLAk58JSsF1+QRK2FXSVPi46SmKBijgsR1oceiCHuiJkOcs1Vd7Y7R+qwxCnBDcO0h2pTeEF+EuXTonJTyb5gEoZ7ZHqj9LZBWVjtJQuSzVUXkTi13whkTeWuxnmAq0dO45OPOt7wtFsZxJHYZ8PfXAwsvwsvLP5duOpn2bx4ufnyx1WqXiKZqx5YzoGBw7JMlNAPZDFkiQOkTGF8iDk9K5vC8T+eYYnhz3ul0Putxc66HaQkoVIwpNMRGQ8xZGvlYrrILr1chEfg6Rp58uwJWyfnFgkLPhiaiJIigzXPMlbUl5gKvtwJjF3ADUTFbYME3oKIGDJWDFEXdruqvSn/3ekoWVn2tPYsUx4LCdOkGaChPvMQrDafMmL8fbiHj5JFFAmmBhIwAz08VoILFR4GztyOaheLB0XQaaMYoTXCeNAQiEeb7YXsA0AoubeogVlBz3RbUjgaa2wAtCki0/nBA2S38elukei0Z1AAJR/6pPIug51GUJMSr4wJ755vf1c6tBLTT192ztQI47210b01EMQzalVHQKwfJTjHGh/NNLQ3TOVtNS4FykFR52j2wO5ZyDz9PIIF4gMVz0dl0d8Wd/RZvahnHFAmyrC+3zcVqhhkjkaiwqWvk/oHBknybalT1cDUN9Q1DtmEox6FhCGiBNhW1WCok2xfcM7Kr7dYOfWjkFks6F5i+nuHNGiHm0miI00TSZR0ziOiPl0SdlpP8bXOD3TzJd0sOCfBFaHHEIvxBE0a2znMiUcmUd00g7xXwPSNOHbOG2zXgTUNFJjl2wA/eIODtYQttG7eCn1isGL+3JIQDtJDxnD9B8n02yeU7XgkaxiO0wEmWLLKbEydRsON1AvKHaL8zeMBBSFPN2ndBfD+jM8cJeUTzzJSks/IO2O2Prf6ZnM4dUwTXnjHy7oMswU0YZTyb2r3LftIOE8BSJm2PyrBoSW7q2qqmtAo6VgPmicyyNRV2O1Bl92rM0XXwvkfm0AigugF2d5dgYVD0MKRslqQN3wNTYpxlTIGfP3LmhQ+vUkGJTLKZ3Ef8/gpGEZHlwE5XJsgk/zThHOmscp3mWTVoyYPDox1VB6hjP3r2t/XnKBP0F5d7hiF7aITBlux/sFgY/E+x4JhV+LvHwsn+saBLLV1P3VZrK7lxe1QWXtX6bIY5gW3Ig+pFJdUOd7KcNu8VfeaHoZNXBp9jlvlm+f7q4INu+T02Vy8/a7vTfw==</diagram></mxfile>

slides/intro-fullday.yml

@@ -2,12 +2,12 @@ title: |
   Introduction
   to Containers
 
-chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
-#chat: "[Gitter](https://gitter.im/jpetazzo/workshop-yyyymmdd-city)"
+#chat: "[Slack](https://dockercommunity.slack.com/messages/C7GKACWDV)"
+chat: "[Gitter](https://gitter.im/enix/univ-caen-intro-docker)"
 
 gitrepo: github.com/jpetazzo/container.training
 
-slides: http://container.training/
+slides: http://intro-2019-12-container.training/
 
 #slidenumberprefix: "#SomeHashTag — "
 
@@ -20,46 +20,59 @@ chapters:
 - containers/intro.md
 - shared/about-slides.md
 - shared/toc.md
-- - containers/Docker_Overview.md
+-
+  - containers/Docker_Overview.md
   #- containers/Docker_History.md
   - containers/Training_Environment.md
   - containers/Installing_Docker.md
   - containers/First_Containers.md
   - containers/Background_Containers.md
-  - containers/Start_And_Attach.md
-- - containers/Initial_Images.md
+  - containers/Initial_Images.md
+-
   - containers/Building_Images_Interactively.md
   - containers/Building_Images_With_Dockerfiles.md
   - containers/Cmd_And_Entrypoint.md
-- - containers/Copying_Files_During_Build.md
+  - containers/Copying_Files_During_Build.md
   - containers/Exercise_Dockerfile_Basic.md
+-
+  - containers/Dockerfile_Tips.md
   - containers/Multi_Stage_Builds.md
   - containers/Publishing_To_Docker_Hub.md
-  - containers/Dockerfile_Tips.md
   - containers/Exercise_Dockerfile_Advanced.md
-- - containers/Naming_And_Inspecting.md
+-
+  - containers/Naming_And_Inspecting.md
   - containers/Labels.md
+  - containers/Start_And_Attach.md
   - containers/Getting_Inside.md
   - containers/Resource_Limits.md
-- - containers/Container_Networking_Basics.md
+- # Day 2
+  - containers/Container_Networking_Basics.md
   - containers/Network_Drivers.md
   - containers/Container_Network_Model.md
   #- containers/Connecting_Containers_With_Links.md
-  - containers/Ambassadors.md
-- - containers/Local_Development_Workflow.md
-  - containers/Windows_Containers.md
+-
+  - containers/Local_Development_Workflow.md
+  #- containers/Windows_Containers.md
   - containers/Working_With_Volumes.md
   - containers/Compose_For_Dev_Stacks.md
   - containers/Exercise_Composefile.md
-- - containers/Docker_Machine.md
+-
+#  - containers/Docker_Machine.md
+  - containers/Ambassadors.md
   - containers/Advanced_Dockerfiles.md
+  - containers/Init_systems.md
   - containers/Application_Configuration.md
   - containers/Logging.md
-- - containers/Namespaces_Cgroups.md
-  - containers/Copy_On_Write.md
-  #- containers/Containers_From_Scratch.md
-- - containers/Container_Engines.md
+-
+  - containers/Container_Engines.md
+  - k8s/Pods_anatomy.md
   #- containers/Ecosystem.md
   - containers/Orchestration_Overview.md
   - shared/thankyou.md
   - containers/links.md
+-
+  - |
+    # Appendix
+  - containers/Namespaces_Cgroups.md
+  - containers/Copy_On_Write.md
+  #- containers/Containers_From_Scratch.md

slides/k8s/Pods_anatomy.md

@@ -0,0 +1,27 @@
+# container super-structure (Pods)
+
+A container super-structure supported by many container engine seems to emerge,
+we will see how it maps in the docker worlds
+
+
+
+---
+class: pic
+
+## Pod
+
+![Pods](images/kubernetes_pods.svg)
+---
+# Anatomy of a Pod
+
+- The containers inside a pod share the network namespace (`--net=container:<container_id>`)
+
+   => the one of the "pause" containers
+
+- This means that if the container "pause" is killed all other container are killed
+
+- This is the reason for this container to do nothing but being alive
+
+- Containers can contact other container port via `localhost`
+
+- Containers don't share filesystem except the volumes you want to mount on each of them

slides/logistics.md

@@ -1,12 +1,7 @@
 ## Intros
 
-- This slide should be customized by the tutorial instructor(s).
 
-- Hello! We are:
-
-   - .emoji[👩🏻‍🏫] Ann O'Nymous ([@...](https://twitter.com/...), Megacorp Inc)
-
-   - .emoji[👨🏾‍🎓] Stu Dent ([@...](https://twitter.com/...), University of Wakanda)
+- I am: .emoji[👨] Julien (Zempashi on GitHub) (Enix SAS)
 
  <!-- .dummy[
 
@@ -22,9 +17,9 @@
 
 ] -->
 
-- The workshop will run from ...
+- The workshop will run from 9:00 to 17:00
 
-- There will be a lunch break at ...
+- There will be a lunch break around 12:30
 
   (And coffee breaks!)
 

slides/shared/title.md

@@ -10,12 +10,14 @@ class: title, in-person
 
 @@TITLE@@<br/></br>
 
+
 .footnote[
-**Be kind to the WiFi!**<br/>
-<!-- *Use the 5G network.* -->
+*Room*: Mecure<br/>
+<!--**Be kind to the WiFi!**<br/>
+<!-- *Use the 5G network.*
 *Don't use your hotspot.*<br/>
 *Don't stream videos or download big files during the workshop[.](https://www.youtube.com/watch?v=h16zyxiwDLY)*<br/>
-*Thank you!*
+*Thank you!*-->
 
 **Slides: @@SLIDES@@**
 ]