Public | Automated Build

Last pushed: 2 months ago
Short Description
Attackpattern.com docker container build
Full Description

# Attackpattern.com
attackpattern.com is the main site for the Group of Senior Developers at Attack Pattern. The site is a server-side rendered React app running in a Docker container.


Deployment

Attackpattern.com is set up for continuous integration using a combination of GitHub service hooks, Docker Hub, Docker Cloud and AWS. Simply check in your changes to develop, and once you are ready to deploy them, create a pull request from develop onto master. Any check-in to master will kick off a rebuild of the Docker container on Docker Hub, which, when complete, will trigger a re-deployment of the Docker container. For details on how this was accomplished, see the Bootstrapping Process.


Dev Environment Requirements/Setup

If you are setting up a dev environment you will need the following. There are equivalent versions of this software for PCs, but most of Attack Pattern uses MacBook Pros, so this is geared towards OS X.

Prerequisites

Once Docker is installed you should be able to simply go to the root of this repo and type

docker-compose up

If docker-compose didn't install or you're having issues, check the Docker Compose docs.


Bootstrapping Process

All of this has already been done for attackpattern.com, but it's worth documenting how we got here as a point of reference, or in case we want to share our steps for continuous deployment. You can follow along from the Docker Cloud - Github - AWS integration guide or follow the steps below for some additional notes. Also, this is documented for an individual user. You will likely want to create an organization account; this can be done in Docker Hub settings near the bottom. I haven't done this yet so YMMV.

Prepare

Prep is more or less getting AWS permissions set up for deploying from Docker Cloud to AWS.

  • Log into your AWS account. You can always create a free AWS account if you want to try this out.
    • Navigate to IAM and create a new policy. Follow the Docker documentation for doing so, with one exception.

    Your Docker policy should look like:

    {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Action": [
                  "ec2:*",
                  "iam:ListInstanceProfiles"
              ],
              "Effect": "Allow",
              "Resource": "*"
          },
          {
              "Effect": "Allow",
              "Action": "iam:PassRole",
              "Resource": "arn:aws:iam::12345678910:role/*"
          }
      ]
    }
    

    Replace the bottom ARN string with your own ARN, replacing everything after the account ID number with :role/*

    • Copy down the full ARN for use in the setup process below.
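
The policy above allows every EC2 action on every resource and lets the linked credentials pass any role in the account. The check below is an added example, not part of the original README or Docker's documentation: it flags those two grants in a policy document so they can be reviewed or narrowed. The embedded policy is a constructed copy of the one above, and the function names are illustrative.

```python
import json

# Constructed copy of the policy shown above (placeholder account ID from the page).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Action": ["ec2:*", "iam:ListInstanceProfiles"], "Effect": "Allow", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::12345678910:role/*"}
  ]
}
""")

def as_list(value):
    """IAM accepts either a bare string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (statement_index, finding) tuples for over-broad Allow grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        condition = stmt.get("Condition", {})
        for action in actions:
            # Service-wide wildcard (e.g. ec2:*) on every resource, unconditioned.
            if action == "*" or action.endswith(":*"):
                if "*" in resources and not condition:
                    findings.append((i, f"{action} on Resource * with no Condition"))
            # PassRole on every role, not limited to a receiving service.
            if action.lower() == "iam:passrole":
                wild = [r for r in resources if r == "*" or r.endswith(":role/*")]
                scoped = any("iam:PassedToService" in v for v in condition.values())
                if wild and not scoped:
                    findings.append((i, "iam:PassRole on all roles, no iam:PassedToService"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(POLICY):
        print(f"Statement[{index}]: {finding}")
```

A PassRole statement that names a single role ARN, or that carries an `iam:PassedToService` condition, produces no finding.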

Setup

#### Docker Hub

  • Create a Docker Hub account.
  • In your GitHub repository, you or an admin need to enable the Service Hooks for Docker. From the repo click Settings -> Integrations & Services -> Add Service. Search for Docker and add the service. Make sure the 'Active' checkbox is checked.
  • In Docker Hub you need to link GitHub to your Docker Hub account.
  • Once linked, from the top nav click Create -> Create Automated build and select 'Create Auto-build Github'.
  • Select your User/Organization/Repo - in this case AttackPattern > attackpattern.com
  • Add some short notes, make the visibility public or private based on your preference, and click Create. Note there is a limit to private repos based on the paid tier of your Docker account.
  • Once created, you need to go to Build Settings and add a Docker tag name to your default build. If you want, you can set a specific branch and trigger a build against that branch. Whenever a check-in to that branch happens, a build will also be triggered.
  • To view a triggered build, go to Build Details and click on a build to see its status. Make sure to verify your first build completes successfully.

#### Docker Cloud

  • Navigate to Docker Cloud and log in with your Docker Hub account. Note that the steps below use the beta UI, which is on by default. If you have switched back to the classic UI, you can switch the beta UI on next to the Docker Cloud icon in the banner.
  • If you are part of an organization, that organization can now make you an owner, and you can context switch to the organization user in the upper right-hand corner.
  • Link your GitHub account in Docker Cloud settings - https://cloud.docker.com/app/**YOUR USERNAME**/settings. If you are part of an organization you will want to do this as your organization. You can switch by clicking on the username in the upper right corner once you've been granted access to the organization.
  • Click Link Provider from the onboarding page.
  • Paste in the ARN from above to link AWS.

Deployment

This involves Docker Cloud's node/node cluster setup, defining a Docker Cloud service, DNS concerns/solutions and some final configuration notes. We'll go through each area below.

Docker Cloud

First you'll need to deploy a node.

  • From the Onboarding Dashboard - cloud.docker.com/app/YourUsername/dashboard/onboarding - click 'Create a Node'. I named ours attackpattern-www, added some labels, selected Amazon Web Services as the provider and deployed it to us-west-2. Note: if you run into issues deploying, you can click on the 'timeline' sub-navigation tab to see what failed. Likely it's an AWS permission issue, so head back up, read the setup more thoroughly and go through the links provided to diagnose what's missing.

DNS configuration

If this is going to be deployed as a subdomain you can skip the next set of instructions. If you plan to point your Docker container(s) to a naked domain (i.e. attackpattern.com) web service, you are required to point your naked A record to an IP. With Docker Cloud and AWS there is no easy way to do this in Route 53 without using an ELB, and that has its own complications associated with it. In the attackpattern.com case, we only need one Docker container, so we will point our DNS to the elastic IP assigned to our Docker container. If you wanted multiple web Docker containers, you would create a new node separate from your node/node cluster for the web containers, assign an elastic IP to that EC2 instance, follow the deployment procedure below to deploy the dockercloud-haproxy, deploy that haproxy container as a service (like below), and follow the hello world example haproxy setup or the Docker Cloud documentation for setting up load balancing.

AWS Configuration

  • After completing your deployment above, log into AWS and go to the EC2 tab.
  • Create an elastic IP from the Elastic IPs section of the right nav. Note this IP, as it's what you will point your DNS A record to later.
  • After the IP is created, check the box next to it, click the Actions button and select Associate Address. Type in your instance name or simply click into the input box to get a list of all EC2 instances. Finally, click Associate and click past any warnings about releasing the current IP.
  • Select Instances from the right nav, check the box next to the name of your Docker instance, and click Actions -> Instance State -> Reboot. Confirm the reboot. This restarts the docker-cloud service on the EC2 instance so the Docker Cloud service/web UI will function normally under the new static IP.
  • Once the EC2 instance has completed rebooting you can move on to the next step.

#### Docker Cloud Service setup
Below is the setup of Docker Cloud for a single container/node Docker Cloud service. If you wanted multiple components, say an API and a frontend, you would likely deploy a stack using a config very similar to the docker-compose.yml file, minus things like your env file.

  • In Docker Cloud click on Services on the right nav.
  • Select 'Create' from the top nav.
  • Click on the 'world' icon at the top so we can select our Docker Hub image. In Search Docker Hub, type the name of your repo; in our case it is under metroninja/attackpattern. The search should return your build. Hover over it and click Select.
  • The container should pull in most of what you need. The fields to modify are:
    • NICKNAME - give it one.
    • AUTODEPLOY - turn this on for continuous delivery.
    • NETWORK - select host from the drop-down. THIS IS CRITICAL for the routing of the EC2 instance IP to work for either your single container instance or your HAProxy instance.
    • API ROLES - if this is an HAProxy, make sure to select Full Access; otherwise leave it alone.
    • PORTS - you need to click the Published button and change the Node Port from dynamic to 80 for the web service to work properly.
  • Once all settings have been entered, click Create & Deploy on the right nav menu.

If you are trying to deploy an HAProxy to a separate Docker node/node cluster, you need to use deploy tags to control which set of EC2 instance(s) it deploys to.

## Final Configuration
At this point you should have your service deployed onto Docker Cloud. You can watch the service from the Docker Cloud UI. Once it reaches a running state, you can copy your endpoint to verify it's working. Once you've verified it's up and doing what you expect, you can point your AWS Route 53 (or whatever DNS provider you are using) to the elastic IP from earlier and enjoy your new dockerized continuous deployment.

### Resources used
Docker Cloud - Github - AWS integration
Docker Cloud - Continuous Delivery
Docker Cloud - Linking AWS IAM permissions
AWS IAM specifics for the policy

Owner
metroninja