Public | Automated Build

Last pushed: 3 months ago
Short Description
base image for CI @ naoshi
Full Description

naoshi docker images

this repo contains the "statically built" support-images, used in the naoshi stack.

these images are custom variants of official images, mostly with simple
configuration / performance tweaks

prereq.

the following guide assumes you understand the majority of docker's functionality,
including the engine 1.12 swarm mode.

it should be noted, that this repository is not meant to be cloned and "run".
there is no reason to clone this repo, unless changes are to be made.
this repo functions purely as a file-host for the docker-hub build service.

naoshi stacks

the *.stack.yml files are docker-compose files, written using version: "3"
yaml format.

these files are consumed by the docker deploy command, used when bootstrapping
an application stack on a fresh swarm.

until support arrives in the docker-compose specification, the following
commands should be run after a stack deployment:

  • docker service update --publish-add target=80,published=80,protocol=tcp,mode=host $NGINX_SERVICE_NAME
  • docker service update --publish-add target=443,published=443,protocol=tcp,mode=host $NGINX_SERVICE_NAME

docker hub

the images enclosed in /images are automatically built on the docker-hub,
under the naoshi namespace.
these images may be pulled after logging in (using docker login) with a valid
docker-hub account that has been authorized to the naoshi organization.

to update an existing service to the latest image from the hub, simply run:
docker service update --image naoshi/$SERVICE_IMAGE_NAME:$ENVIRONMENT $SERVICE_NAME
where:

  • "$SERVICE_NAME" = the service name, eg nginx (valid services may be listed with docker service ls)
  • "$SERVICE_IMAGE_NAME" = the image running on the above service (may be inspected using docker service inspect $SERVICE_NAME | awk '/"Image"/ { match($2, "(.*):.*@", a) }END{ print a[1] }'; the three-argument match() is a gawk extension, so this requires gawk)
  • "$ENVIRONMENT" = the image tag to be used. some services are built using a separate tag for production/staging. for images without separate environments, omit the :$ENVIRONMENT suffix.
    the available tags may be inspected on the docker-hub. the tag currently running on a service may be inspected using docker service inspect $SERVICE_NAME | awk '/"Image"/ { match($2, ".*:(.*)@", a) }END{ print a[1] }' (gawk required, as above)

though technically possible, the docker service update command should not be
used for updating the "main" rails image, since this image includes make
macros and configs for deploying, which should be used instead.

utilities

ssh image & stack

due to the way docker handles networking, it is not possible to gain access to a network
from the host level, without entering a container.
for this purpose, an ssh container has been created, to allow access to docker-networked
services, without giving access to the swarm hosts (mostly used for forwarding
database-services to non-IT employees)

for the ssh-stack to work, the production environment must be deployed with an
ssh-daemon image. this image grants the keys listed in the authorized_keys file
access to the networked services.

to forward services for use in other departments (such as CM, for use with wabit),
start the tunnel.stack on a local server, or local machine. the services in tunnel.stack
will connect to the ssh-daemon, which is connected to the production environment,
and expose the master and slave database to the local network or local machine.
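
added example (not part of the original repo): a small audit for the ssh-daemon's authorized_keys file that flags keys able to do more than forward ports to named services. it assumes the ssh-daemon image runs OpenSSH; the host names db-master / db-slave, port 5432 and all key entries are constructed.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that are not limited to
# port-forwarding towards named targets. All sample data is constructed.

# Constructed sample: key material is placeholder text, hosts/ports are assumptions.
SAMPLE_KEYS='# tunnel users
restrict,port-forwarding,permitopen="db-master:5432",permitopen="db-slave:5432" ssh-ed25519 AAAAC3PLACEHOLDER1 cm-tunnel
ssh-ed25519 AAAAC3PLACEHOLDER2 alice-laptop
no-pty,permitopen="db-master:5432" ssh-rsa AAAAB3PLACEHOLDER3 bob
restrict,port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER4 carol'

# audit_authorized_keys: reads authorized_keys text on stdin and prints one
# "comment: reason" line per entry that is broader than forward-only.
# Assumes option values contain no spaces or commas (true for the options checked).
audit_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comments
    {
        # An entry starts with the key type when it carries no options.
        if ($1 ~ /^(ssh-|ecdsa-|sk-)/) { opts = ""; who = $3 }
        else                            { opts = $1; who = $4 }
        if (who == "") who = "line " NR
        n = split(opts, o, ",")
        has_restrict = 0; has_fwd = 0; has_open = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "restrict")        has_restrict = 1
            if (o[i] == "port-forwarding") has_fwd = 1
            if (o[i] ~ /^permitopen=/)     has_open = 1
        }
        if (!has_restrict)      print who ": missing restrict"
        else if (!has_fwd)      print who ": restrict without port-forwarding"
        else if (!has_open)     print who ": forwarding not limited by permitopen"
    }'
}

printf '%s\n' "$SAMPLE_KEYS" | audit_authorized_keys
```

an empty result means every key is restricted to forwarding towards the listed host:port pairs.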

todo:

  • investigate support for tmpfs in compose (https://github.com/docker/docker/issues/25768)
  • implement command for reading out git status vars from service containers (a basic "status" command) (half-completed)
  • honeybadger-reporter for deployments (early impl-stage)
  • add network entrypoint for database servers (entrypoint ssh container)
  • add backup cron

help:

  • Q: why don't colors work on mac? - A: install bash 4.x https://superuser.com/a/1057637
Owner
naoshi