A smooth migration to Docker focusing on build pipelines

Transcript

Paul Bonaud @paulrb_r Maxime Visonneau @mvisonneau A SMOOTH MIGRATION TO

DOCKER FOCUSING ON BUILD PIPELINES

Paul Bonaud ⌨ + ⚙ + ▶ Infra & Ops

Engineer ⏸ So ware Developer Maxime Visonneau ⌨ + + Infrastructure Engineer

Building all projects Android, JS (Ember), C++, Ruby

None

Deploying everything Nginx, apps, infrastructure

None

Single architecture (Debian 7)

None

Dockerfile FROM ruby:2.4-jessie RUN apt-get update RUN apt-get -y install

libpq-dev ghostscript WORKDIR /opt/app COPY Gemfile Gemfile.lock /opt/app RUN bundle install VOLUME /opt/app CMD [ "make", "run" ]

Dockerfile FROM ruby:2.4-jessie RUN apt-get update RUN apt-get -y install

Dockerfile FROM ruby:2.4-jessie RUN apt-get update && \ apt-get -y

install libpq-dev ghostscript && \ rm -rf /var/lib/apt/lists/* WORKDIR /opt/app COPY Gemfile Gemfile.lock /opt/app RUN bundle install VOLUME /opt/app CMD [ "make", "run" ]

Dockerfile FROM ruby:2.4-jessie RUN apt-get update && \ apt-get -y

Integrated Docker registry! registry.gitlab.com

Version controlled .gitlab-ci.yml

.gitlab-ci.yml stages: - build - test - package - deploy

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} LATEST_IMAGE: ${CI_REGISTRY}/${CI_PROJECT_PATH}:latest build:docker: stage: build tags:

[ privileged ] image: "docker:latest" before_script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} script: - docker pull ${LATEST_IMAGE} || true - docker build --cache-from ${LATEST_IMAGE} -t ${IMAGE} -t ${LATEST_IMAGE} . - docker push ${IMAGE} - docker push ${LATEST_IMAGE}

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} LATEST_IMAGE: ${CI_REGISTRY}/${CI_PROJECT_PATH}:latest build:docker: stage: build tags:

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} # (...) image: ${IMAGE}

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} # (...) image: ${IMAGE} test: stage:

test script: - make test

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} # (...) image: ${IMAGE} test: stage:

test script: - make test package: stage: package script: - make package > release.tar.gz artifacts: paths: [ release.tar.gz ]

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} # (...) deploy:integration: stage: deploy image:

${CI_REGISTRY}/infra/ansible:latest variables: ENV: integration script: - make deploy file=release.tar.gz env=${ENV}

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} # (...) deploy:integration: &deploy stage: deploy

image: ${CI_REGISTRY}/infra/ansible:latest variables: ENV: integration script: - make deploy file=release.tar.gz env=${ENV} deploy:production: <<: *deploy when: manual variables: ENV: production

What about easy OS testing and upgrades?!

Dockerfile FROM ruby:2.4-jessie RUN apt-get update RUN apt-get -y install

Dockerfile FROM ruby:2.4-stretch RUN apt-get update RUN apt-get -y install

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} # (...) image: ${IMAGE}

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${OS}_${CI_COMMIT_SHA} # (...) image: ${IMAGE}

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${OS}_${CI_COMMIT_SHA} # (...) image: ${IMAGE} test:jessie: stage:

test variables: OS: jessie script: - make test

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${OS}_${CI_COMMIT_SHA} # (...) image: ${IMAGE} test:jessie: &test

stage: test variables: OS: jessie script: - make test test:stretch: <<: *test variables: OS: stretch

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${OS}_${CI_COMMIT_SHA} # (...) image: ${IMAGE} package:jessie: &package

stage: package variables: OS: jessie script: - make package > release-${OS}.tar.gz artifacts: paths: [ release-${OS}.tar.gz ] package:stretch: <<: *package variables: OS: stretch

.gitlab-ci.yml variables: IMAGE: ${CI_REGISTRY_IMAGE}:${OS}_${CI_COMMIT_SHA} # (...) deploy:integration: &deploy stage: deploy

image: ${CI_REGISTRY}/infra/ansible:latest variables: OS: stretch ENV: integration script: - make deploy file=release-${OS}.tar.gz env=${ENV} deploy:production: <<: *deploy when: manual variables: OS: jessie ENV: production

None

Runners

Di erent Executors / Multiple OSes Shell Docker VirtualBox Parallels

SSH Kubernetes Linux Windows Mac OS X FreeBSD

Di erent Executors / Multiple OSes Shell Docker VirtualBox Parallels

SSH Kubernetes Linux Windows Mac OS X FreeBSD

Portable

Light system dependencies

Easily configurable and maintainable

--- classes: - docker - gitlab::ci gitlab::ci::runners: "%{::fqdn}_docker": executor: docker

docker-image: docker:latest

--- classes: - docker - gitlab::ci gitlab::ci::runners: "%{::fqdn}_docker": executor: docker

docker-image: docker:latest docker-volumes: "/var/run/docker.sock:/var/run/docker.sock" docker-privileged: true

AWS

Terraform

Open Source ❤

terraform.tf resource "aws_instance" "gitlab_runner" { count = 10 ami =

"ami-6b2cd712" instance_type = "m4.large" [..] }

None

MISSINGDEP Who had any clue this system library was required?

MISSINGDEP Update Dockerfiles with missing dependencies

ENOSPC No space le on device

ENOSPC Increase space / Automate cleanup of old containers and

images

UNAUTH_DEPLOY Where are my SSH keys for Ansible?

UNAUTH_DEPLOY Enhance security by creating individual keys per project/env

SHM_OOM Less than 64MB of free space in temporary directory

for shared memory files

SHM_OOM Configure max SHM size

IOWAIT On heavy load tests

IOWAIT Bigger disks Provisioned IOPS Leverage tmpfs

None

AWS

Docker

Terraform

terraform.tf resource "aws_autoscaling_group" "gitlab_runner" { desired_capacity = 10 min_size =

4 max_size = 24 launch_configuration = "${aws_launch_configuration.runner.name}" [..] }

We can do better and easier!

Ourselves with an interesting challenge

So ware engineers with a reliable CI implementation

Finance by making some savings

docker-machine integrated out-of-the-box with gitlab-runner scheduling jobs on spot instances

gitlab::ci::runners: 'aws_spot_docker_machine': executor: docker+machine limit: 24 machine-IdleCount: 4 machine-IdleTime: 600

machine-OffPeakPeriods: - "* * 0-8,18-23 * * mon-fri *" - "* * * * * sat,sun *" machine-OffPeakIdleCount: 0 machine-OffPeakIdleTime: 600 machine-MaxBuilds: 30 machine-MachineDriver: amazonec2 machine-MachineOptions: - amazonec2-instance-type=m4.large - amazonec2-request-spot-instance=true - amazonec2-spot-price=0.10 [..]

gitlab::ci::runners: 'aws_spot_docker_machine': executor: docker+machine limit: 24 machine-IdleCount: 4 machine-IdleTime: 600

None

REFERENCES · Dockerfile documentation · .gitlab-ci.yml documentation · Slides https://docs.docker.com/engine/reference/builder/

https://gitlab.com/help/ci/yaml/README.md http://polr.fr/tiaddocker

A smooth migration to Docker focusing on build pipelines

A smooth migration to Docker focusing on build pipelines

More Decks by PaulRbr

Other Decks in Programming

Featured

Transcript