Non-traditional use of Docker (Nette Camp #3)

Vladimír Kriška

August 25, 2017

Transcript

  1. Non-traditional use of Docker
    Vladimír Kriška
    @ujovlado


  2. $ whoami
    Brogrammer
    Developer at Keboola
    building ETL platform Keboola Connection
    writing about it at 500.keboola.com
    WebElement organizer - web dev meetup (on hold)
    Rekurzia - custom dev trainings
    twitter.com/ujovlado

  3. Why containers?

  4. Why containers?
    Isolation
    Simplicity
    One container, one task, one process*
    Lock environment
    No more "works on my machine" problems
    They're lightweight
    Almost as native (probably 99.9%)

  5. Why Docker?

  6. Why Docker?
    Most popular
    No VM needed*
    Easy to learn
    Lightweight
    Fast startup
    Well supported
    Docker Compose
    Docker Swarm, etc.

  7. Let's begin!

  8. 1. Standard usage (for dev)
    Dockerfile:
    FROM node:7
    RUN apt-get update -q \
        && apt-get install apt-transport-https \
        && wget https://dl.yarnpkg.com/debian/pubkey.gpg -O pubkey.gpg \
        && apt-key add pubkey.gpg \
        && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /et
        && apt-get update -q \
        && apt-get install yarn -y

  9. docker-compose.yml:
    services:
      node:
        build: .
        ports:
          - "3000:3000"
        volumes:
          - ./:/code
        working_dir: /code
        tty: true
        command: sh -c 'yarn && yarn start'
    and:
    docker-compose run --rm --service-ports node

  10. 2. Helpers (e.g. in Travis)
    services:
      - docker
    script:
      - ...
      - docker-compose up -d udp-listener
      - php tests/run.php
      - docker-compose logs udp-listener | grep 'Some text'
    check if library made UDP request

  11. 3. Concurrency problems (almost DIND)
    $ docker run --rm \
        -v /var/run/docker.sock:/var/run/docker.sock \
        docker:1.11 \
        sh -c 'docker login \
          && docker pull some-image \
          && docker logout'
    mounting Docker socket to container
    Docker in container will run Docker on host
    logins will not conflict

  12. 4. Tools you don't want on host
    e.g. Ruby
    or Node
    PHP
    ...

  13. 4.1. Travis CLI
    to run Travis CLI in container using host FS
    FROM ruby:2
    RUN gem install travis -v 1.8.2 --no-rdoc --no-ri
    ARG USER_NAME
    ARG USER_UID
    ARG USER_GID
    RUN groupadd --gid $USER_GID $USER_NAME
    RUN useradd --uid $USER_UID --gid $USER_GID $USER_NAME
    ENTRYPOINT ["travis"]

  14. 4.1. Travis CLI
    $ docker build -t travis \
        --build-arg USER_UID=`id -u` \
        --build-arg USER_GID=`id -g` \
        --build-arg USER_NAME=`id -un` \
        .
    $ docker run -i -t --rm \
        -v "/home/vlado/workspace/travis-cli/.travis:/home/`id -un`/.travis" \
        -u `id -u` \
        travis

  15. 4.1. Travis CLI
    #!/bin/bash
    # Run the containerized Travis CLI against the current directory as the host user.
    docker run -i -t --rm \
        -v "/home/vlado/workspace/travis-cli/.travis:/home/`id -un`/.travis" \
        -v "$PWD:$PWD" \
        -w "$PWD" \
        -u `id -u` \
        travis "$@"

  16. 5. OpenVPN
    FROM debian:jessie
    RUN apt-get update -q \
        && apt-get install openvpn ssh -y --no-install-recommends
    ARG USER_NAME
    ARG USER_UID
    ARG USER_GID
    RUN groupadd --gid $USER_GID $USER_NAME \
        && useradd --uid $USER_UID --gid $USER_GID \
           --shell /bin/bash $USER_NAME
    COPY entrypoint.sh /root/
    ENTRYPOINT ["/root/entrypoint.sh"]

  17. Entrypoint:
    openvpn --daemon --config "$1" && su - "$SU_USERNAME"
    Build:
    docker build -t openvpn \
        --build-arg USER_UID=`id -u` \
        --build-arg USER_GID=`id -g` \
        --build-arg USER_NAME=`id -un` \
        .
    similar to Travis CLI

  18. Run script:
    #!/bin/bash
    # Resolve the directory this script lives in; configs are read from its config/ subdirectory.
    SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd -P)
    if [ ! -f "$SCRIPT_DIR/config/$1" ]; then
        echo "Specified config file not found"
    else
        docker run -i -t --rm \
            --device "/dev/net/tun:/dev/net/tun" \
            -v "$SCRIPT_DIR/config:/etc/openvpn/config" \
            -v "/home/`id -un`/.ssh:/home/`id -un`/.ssh" \
            -w "/etc/openvpn/config" \
            --cap-add NET_ADMIN \
            --env SU_USERNAME=`id -un` \
            openvpn "$1"
    fi

  19. 6. Shared socket
    services:
      syslog:
        build: docker/syslog
        volumes:
          - ./docker/.syslog-datadir/socket:/syslog-socket
          - ./docker/.syslog-datadir/log:/var/log
      syslog-watcher:
        image: debian:8
        volumes_from:
          - syslog
        command: tail -f /var/log/syslog
    everything is a file

  20. services:
      apache:
        build: docker/php-apache
        volumes:
          - ...
          - ./docker/.syslog-datadir/socket/log:/dev/log
          - ...
        links:
          - syslog
    now you can log to syslog and see the logs using the "watcher" service

  21. Conclusion
    you can run any service in Docker
    in Linux, everything is a file -> can be mounted
    super fast onboarding (just docker run/up)
    clean host system
    ...

  22. Questions?
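
Added example (not from the original deck): slides 11 and 18 hand the container parts of the host (the Docker socket, a device, a capability, the user's `.ssh` directory), and a mounted Docker socket gives the container control of the host's Docker daemon. The hypothetical helper `audit_docker_run` below lists such options in a `docker run` argument list; the function name, finding labels and sample paths are assumptions.

```shell
#!/bin/bash
# Added example: report host-exposing options in a `docker run` argument list.
# audit_docker_run and its finding labels are hypothetical, not a Docker feature.
# Only -v/--volume, --cap-add, --device and --privileged are inspected
# (--mount syntax is not parsed).
audit_docker_run() {
  local findings="" prev="" arg src
  for arg in "$@"; do
    # Treat "--flag=value" like "--flag value".
    case "$arg" in
      --*=*) prev="${arg%%=*}"; arg="${arg#*=}" ;;
    esac
    case "$prev" in
      -v|--volume)
        src="${arg%%:*}"   # host side of host:container
        case "$src" in
          */docker.sock)
            findings="$findings docker-socket" ;;
          /|/etc|/etc/*|/root|/root/*|*/.ssh|*/.ssh/*)
            findings="$findings sensitive-mount:$src" ;;
        esac ;;
      --cap-add) findings="$findings cap:$arg" ;;
      --device)  findings="$findings device:${arg%%:*}" ;;
    esac
    case "$arg" in
      --privileged) findings="$findings privileged" ;;
    esac
    prev="$arg"
  done
  echo "${findings# }"
}

# Constructed inputs modelled on slides 11 and 18 (user name and paths are samples).
audit_docker_run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  docker:1.11 sh -c 'docker login && docker pull some-image && docker logout'
audit_docker_run -i -t --rm --device /dev/net/tun:/dev/net/tun \
  -v /opt/vpn/config:/etc/openvpn/config \
  -v /home/vlado/.ssh:/home/vlado/.ssh \
  --cap-add NET_ADMIN --env SU_USERNAME=vlado openvpn client.ovpn
```

Arguments after the image name are scanned as well, so the output is a review aid for wrapper scripts like the ones above rather than a policy gate.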