Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Docker for Ruby Developers

Frank Macreery
August 11, 2015
Programming
3
630

Docker for Ruby Developers

Originally presented at NYC.rb.

Frank Macreery

August 11, 2015
Tweet

More Decks by Frank Macreery

See All by Frank Macreery
Aptible + TelePharm: HIPAA for Startups
fancyremarker
0
1.4k
Architecting Applications for HIPAA Compliance
fancyremarker
0
190
Containerization and Compliance
fancyremarker
0
550
HIPAA Dev Ops: Architecting Layers of Responsibility
fancyremarker
0
70
Garner: Anatomy of a Ruby Gem
fancyremarker
0
290

Other Decks in Programming

See All in Programming
Powerfully Typed TypeScript
euxn23
3
1.7k
Good first issues of TypeProf
mame
4
580
The grand strategy of Ruby Parser
yui_knk
5
310
slow types ってなんだろう?
karad
0
210
Enjoy Creative Coding with Ruby (RubyKaigi2024)
chobishiba
0
600
2024 コーディング研修
ckazu
2
650
Timeline エディター拡張入門
yucchiy
0
450
Jetpack Composeとデザインシステム
rmakiyama
0
230
『WordPressコミュニティで学ぶ』OSS貢献の多様性
ippey
0
260
Amazon Aurora Serverless v2が意外と高かった話と、 AWS Database Migration Serviceの話
satoshi256kbyte
1
110
How to improve maintainability and readability of your automated tests? ( #scrumniigata )
teyamagu
PRO
1
130
一文字エイリアスのすすめ
fujimura
0
200

Featured

See All Featured
Designing the Hi-DPI Web
ddemaree
276
33k
RailsConf 2023
tenderlove
9
580
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
The Straight Up "How To Draw Better" Workshop
denniskardys
228
130k
A designer walks into a library…
pauljervisheath
201
23k
Music & Morning Musume
bryan
41
5.6k
The Power of CSS Pseudo Elements
geoffreycrofte
62
5k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
34
6.1k
Thoughts on Productivity
jonyablonski
60
3.9k
Embracing the Ebb and Flow
colly
80
4.2k
Bash Introduction
62gerente
605
210k

Transcript

  1. Docker for Ruby Developers NYC.rb, August 2015 Frank Macreery CTO,

    Aptible @fancyremarker https://speakerdeck.com/fancyremarker
  2. None

  3. Docker What’s it all about?

  4. None
  5. None

  6. Docker Containers: The new virtual machines?

  7. https://www.docker.com/whatisdocker Then: Virtual Machines

  8. https://www.docker.com/whatisdocker

  9. https://www.docker.com/whatisdocker Now: Containers

  10. https://www.docker.com/whatisdocker

  11. Getting Started with Docker

  12. boot2docker

  13. Kitematic

  14. Getting Started with Docker Install boot2docker via http://boot2docker.io/#installation echo 'eval

    "$(boot2docker shellinit)"' >> ~/.bashrc

  15. Getting Started with Docker Alternatively (if you have Homebrew and

    VirtualBox installed)…
 
 brew install boot2docker brew install docker

  16. Getting Started with Docker Images and containers

  17. docker pull quay.io/aptible/nginx:latest

  18. docker pull quay.io/aptible/nginx:latest Reference to a Docker image

  19. docker pull quay.io/aptible/nginx:latest Image "repositories" can have many "tags"

  20. docker pull quay.io/aptible/nginx:latest Pulls an image from a Docker "registry"

  21. A single Docker image consists of many "layers"

  22. docker images

  23. docker run -d -p 80:80 -p 443:443 \ quay.io/aptible/nginx:latest

  24. docker run -d -p 80:80 -p 443:443 \ quay.io/aptible/nginx:latest Launches

    a new container from an existing image

  25. docker run -d -p 80:80 -p 443:443 \ quay.io/aptible/nginx:latest Forward

    container ports to the host (host port:container port)

  26. docker run -d -p 80:80 -p 443:443 \ quay.io/aptible/nginx:latest Run

    container in background

  27. docker ps

  28. None
  29. None

  30. Simplifying SOA Service-oriented architectures without the complexity

  31. Dev/prod parity?

  32. None

  33. What makes dev/prod parity so hard?

  34. What makes dev/prod parity so hard? 1 production deployment, many

    development/ staging environments

  35. What makes dev/prod parity so hard? SOA simplifies each service’s

    responsibilities, but often at the cost of additional deployment complexity

  36. What makes dev/prod parity so hard? The more services you

    have, the harder it is to achieve dev/prod parity

  37. What makes dev/prod parity so hard? The more engineers you

    have, the harder it is to standardize dev parity
  38. None
  39. None
  40. None

  41. README != Automation

  42. Dev/prod parity via Docker

  43. Dev/prod parity via Docker Define services in terms of Docker

    images

  44. # docker-compose.yml for Aptible Auth/API auth: build: auth.aptible.com/ ports: "4000:4000"

    links: - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_auth_development api: build: api.aptible.com/ ports: "4001:4001" links: - redis - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_api_development REDIS_URL: redis://redis APTIBLE_AUTH_ROOT_URL: http://docker:4000 redis: image: quay.io/aptible/redis:latest ports: "6379:6379" postgresql: image: quay.io/aptible/postgresql:aptible-seeds ports: "5432:5432"

  45. # docker-compose.yml for Aptible Auth/API auth: build: auth.aptible.com/ ports: "4000:4000"

    links: - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_auth_development api: build: api.aptible.com/ ports: "4001:4001" links: - redis - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_api_development REDIS_URL: redis://redis APTIBLE_AUTH_ROOT_URL: http://docker:4000 redis: image: quay.io/aptible/redis:latest ports: "6379:6379" postgresql: image: quay.io/aptible/postgresql:aptible-seeds ports: "5432:5432"

  46. # docker-compose.yml for Aptible Auth/API auth: build: auth.aptible.com/ ports: "4000:4000"

    links: - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_auth_development api: build: api.aptible.com/ ports: "4001:4001" links: - redis - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_api_development REDIS_URL: redis://redis APTIBLE_AUTH_ROOT_URL: http://docker:4000 redis: image: quay.io/aptible/redis:latest ports: "6379:6379" postgresql: image: quay.io/aptible/postgresql:aptible-seeds ports: "5432:5432"

  47. # docker-compose.yml for Aptible Auth/API auth: build: auth.aptible.com/ ports: "4000:4000"

    links: - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_auth_development api: build: api.aptible.com/ ports: "4001:4001" links: - redis - postgresql environment: RAILS_ENV: development DATABASE_URL: postgresql://postgresql/aptible_api_development REDIS_URL: redis://redis APTIBLE_AUTH_ROOT_URL: http://docker:4000 redis: image: quay.io/aptible/redis:latest ports: "6379:6379" postgresql: image: quay.io/aptible/postgresql:aptible-seeds ports: "5432:5432"

  48. Dev/prod parity via Docker Use the same service/image configuration in

    production as in development (Docker Compose, Swarm, Kubernetes…)

  49. Containerized SSL Infrastructure management made easy

  50. Elastic Load Balancer (ELB) EC2 Instance EC2 Instance NGiNX NGiNX

  51. TCP/HTTPS TCP/HTTPS HTTP HTTP

  52. How to configure NGiNX with multiple dynamic upstreams? Chef? Salt?

    Ansible?

  53. ENV configuration $UPSTREAM_SERVERS

  54. docker run -d -p 80:80 -p 443:443 \ -e UPSTREAM_SERVERS=docker:4000,docker:4001

    \ quay.io/aptible/nginx:latest

  55. docker run -d -p 80:80 -p 443:443 \ -e UPSTREAM_SERVERS=docker:4000,docker:4001

    \ quay.io/aptible/nginx:latest

  56. ENV configuration Makes testing easier

  57. https://github.com/sstephenson/bats

  58. # Dockerfile # Install and configure NGiNX... # ... ADD

    test /tmp/test RUN bats /tmp/test https://github.com/aptible/docker-nginx Image: quay.io/aptible/nginx

  59. #!/usr/bin/env bats # /tmp/test/nginx.bats @test "It should accept a list

    of UPSTREAM_SERVERS" { simulate_upstream UPSTREAM_SERVERS=localhost:4000 wait_for_nginx run curl localhost 2>/dev/null [[ "$output" =~ "Hello World!" ]] }

  60. #!/usr/bin/env bats # /tmp/test/nginx.bats @test "It should accept a list

    of UPSTREAM_SERVERS" { simulate_upstream UPSTREAM_SERVERS=localhost:4000 wait_for_nginx run curl localhost 2>/dev/null [[ "$output" =~ "Hello World!" ]] }

  61. @test "It should accept a list of UPSTREAM_SERVERS" { simulate_upstream

    UPSTREAM_SERVERS=localhost:4000 wait_for_nginx run curl localhost 2>/dev/null [[ "$output" =~ "Hello World!" ]] } simulate_upstream() { nc -l -p 4000 127.0.0.1 < upstream-response.txt }

  62. ENV configuration Abstracts implementation details: could be NGiNX, HAProxy, …

  63. ENV configuration Simplifies configuration management: central store doesn’t need to

    know parameters in advance

  64. ENV configuration $UPSTREAM_SERVERS $FORCE_SSL $DISABLE_WEAK_CIPHER_SUITES (…)

  65. Vulnerability Response Fix, test, docker push, restart

  66. Heartbleed

  67. Heartbleed POODLEbleed

  68. Heartbleed POODLEbleed xBleed???

  69. Integration Tests Document and test every vulnerability response

  70. #!/usr/bin/env bats # /tmp/test/nginx.bats @test "It should pass an external

    Heartbleed test" { install_heartbleed wait_for_nginx Heartbleed localhost:443 uninstall_heartbleed }

  71. @test "It should pass an external Heartbleed test" { install_heartbleed

    wait_for_nginx Heartbleed localhost:443 uninstall_heartbleed } install_heartbleed() { export GOPATH=/tmp/gocode export PATH=${PATH}:/usr/local/go/bin:${GOPATH}/bin go get github.com/FiloSottile/Heartbleed go install github.com/FiloSottile/Heartbleed }

  72. Integration tests happen during each image build

  73. Integration tests happen during each image build Images are built

    automatically via Quay Build Triggers
  74. None

  75. Integration tests happen during each image build Build status is

    easy to verify at a glance
  76. None

  77. Integration tests happen during each image build Quay Time Machine

    lets us roll back an image to any previous state
  78. None

  79. Database Deployment Standardizing an "API" across databases

  80. None

  81. New databases mean new dependencies

  82. New databases mean new dependencies How to document setup steps

    for engineers?

  83. New databases mean new dependencies How to deploy in production?

  84. New databases mean new dependencies How to perform common admin

    tasks? Backups? Replication? CLI access? Read-only mode?

  85. Wrap Databases in a Uniform API Standardizing an "API" across

    databases

  86. #!/bin/bash # run-database.sh command="/usr/lib/postgresql/$PG_VERSION/bin/postgres -D "$DATA_DIRECTORY" -c config_file=/etc/postgresql/ $PG_VERSION/main/postgresql.conf" if

    [[ "$1" == "--initialize" ]]; then chown -R postgres:postgres "$DATA_DIRECTORY" su postgres <<COMMANDS /usr/lib/postgresql/$PG_VERSION/bin/initdb -D "$DATA_DIRECTORY" /etc/init.d/postgresql start psql --command "CREATE USER ${USERNAME:-aptible} WITH SUPERUSER PASSWORD '$PASSPHRASE'" psql --command "CREATE DATABASE ${DATABASE:-db}" /etc/init.d/postgresql stop COMMANDS elif [[ "$1" == "--client" ]]; then [ -z "$2" ] && echo "docker run -it aptible/postgresql --client postgresql://..." && exit psql "$2" elif [[ "$1" == "--dump" ]]; then [ -z "$2" ] && echo "docker run aptible/postgresql --dump postgresql://... > dump.psql" && exit pg_dump "$2" elif [[ "$1" == "--restore" ]]; then [ -z "$2" ] && echo "docker run -i aptible/postgresql --restore postgresql://... < dump.psql" && exit psql "$2"

  87. #!/bin/bash # run-database.sh command="/usr/lib/postgresql/$PG_VERSION/bin/postgres -D "$DATA_DIRECTORY" -c config_file=/etc/postgresql/ $PG_VERSION/main/postgresql.conf" if

    [[ "$1" == "--initialize" ]]; then chown -R postgres:postgres "$DATA_DIRECTORY" su postgres <<COMMANDS /usr/lib/postgresql/$PG_VERSION/bin/initdb -D "$DATA_DIRECTORY" /etc/init.d/postgresql start psql --command "CREATE USER ${USERNAME:-aptible} WITH SUPERUSER PASSWORD '$PASSPHRASE'" psql --command "CREATE DATABASE ${DATABASE:-db}" /etc/init.d/postgresql stop COMMANDS elif [[ "$1" == "--client" ]]; then [ -z "$2" ] && echo "docker run -it aptible/postgresql --client postgresql://..." && exit psql "$2" elif [[ "$1" == "--dump" ]]; then [ -z "$2" ] && echo "docker run aptible/postgresql --dump postgresql://... > dump.psql" && exit pg_dump "$2" elif [[ "$1" == "--restore" ]]; then [ -z "$2" ] && echo "docker run -i aptible/postgresql --restore postgresql://... < dump.psql" && exit psql "$2"

  88. --initialize: Initialize data directory --client: Start a CLI client --dump:

    Dump database to STDOUT --restore: Restore from dump --readonly: Start database in RO mode

  89. db-launch () { container=$(head -c 32 /dev/urandom | md5); passphrase=${PASSPHRASE:-foobar};

    image="${@: -1}"; docker create --name $container $image docker run --volumes-from $container \ -e USERNAME=aptible -e PASSPHRASE=$passphrase \ -e DB=db $image --initialize docker run --volumes-from $container $@ } http://bit.ly/aptible-dblaunch

  90. docker create --name $container $image http://bit.ly/aptible-dblaunch 1. Create "volume container"

  91. docker run --volumes-from $container \ -e USERNAME=aptible -e PASSPHRASE=$passphrase \

    -e DB=db $image --initialize http://bit.ly/aptible-dblaunch 2. Initialize database data volume

  92. docker run --volumes-from $container $@ http://bit.ly/aptible-dblaunch 3. Run database

  93. None

  94. Thank you

  95. @fancyremarker [email protected]
 https://speakerdeck.com/fancyremarker