using docker in ci process

Introduction The pipeline The environment The images The problems Finish

Using Docker in CI processApplied Docker

G. Godlewski

March 16, 2016

Introduction The pipeline The environment The images The problems Finish

Author

About me

Programming, karate, music and cheese making.

Currently working for SMT Software Services

Introduction The pipeline The environment The images The problems Finish

The background

Long time ago, in a galaxy far, far away...

Introduction The pipeline The environment The images The problems Finish

The background

Introduction The pipeline The environment The images The problems Finish

The background

Scope of automation

Unit tests

Functional tests

Integration tests

Quality checks (nightly build, code coverage, phpmd, phpcs,jshint, jslint, ...)

Deployments

One should constantly search for spots where time could be saved

Introduction The pipeline The environment The images The problems Finish

Definitions

Continuous Integration

Martin Fowler:

Continuous Integration is a software developmentpractice where members of a team integrate theirwork frequently, usually each person integrates at leastdaily - leading to multiple integrations per day. Eachintegration is verified by an automated build (includingtest) to detect integration errors as quickly as possible.

Introduction The pipeline The environment The images The problems Finish

Definitions

Continuous Delivery

Martin Fowler:

A common question we hear is “what is the differencebetween Continuous Delivery and ContinuousDeployment?” Both terms are similar and were coinedaround the same time. I see the difference as a businessdecision about frequency of deployment into production.Continuous Delivery is about keeping your applicationin a state where it is always able to deploy intoproduction. Continuous Deployment is actuallydeploying every change into production, every day ormore frequently.

Introduction The pipeline The environment The images The problems Finish

Product

The point of view

Introduction The pipeline The environment The images The problems Finish

Process

The process

Building - parts put together, diagnostics and verification,removal of unnecessary parts

Packaging - a ready product is being put into a package(container)

Delivery - the whole package is shipped to the client in aclearly defined manner

Each of the stages has a clear I/O definition

Introduction The pipeline The environment The images The problems Finish

Process

Building up a complete solution

In case of a product composed from several components (eg.complex system) we could use the analogy of buying kitchenfurniture.

All packages contain components that fulfill a defined set ofcriteria

We know how the components should be connected

We know how the components should be placed withinclient’s infrastructure (kitchen)

Don’t dismiss the power of analogy!

Introduction The pipeline The environment The images The problems Finish

Warming up!

What will we use Docker for

Performing CI builds within isolated containers (docker indocker, sic!)

Providing the package for the product in which will it befurther distributed

Running our applications

Introduction The pipeline The environment The images The problems Finish

Warming up!

Introduction The pipeline The environment The images The problems Finish

Warming up!

Getting ready

1 Ensure the right kernel version (starting from 3.10!)

2 Ensure you have all required kernel modules (aufs,devicemapper etc - depends on the distribution)

3 Latest docker-engine installed

4 Latest docker-compose installed

Introduction The pipeline The environment The images The problems Finish

Additional tools

Ansible

What for?

Describe how the application should be delivered (deploymentto server)

Configuration management

Why?

Great documentation

Huge amount of modules - I didn’t have to build my own yet!

Introduction The pipeline The environment The images The problems Finish

Own Docker Hub

Docker Hub

hub:

restart: always

image: registry:2

ports:

- "5000:5000"

environment:

TERM: linux

REGISTRY_HTTP_TLS_CERTIFICATE: :)

REGISTRY_HTTP_TLS_KEY: :)

REGISTRY_AUTH: htpasswd

REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd

REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm

volumes:

- "/home/docker-distro/registry/data:/var/lib/registry"

- "/etc/ssl/certs:/certs"

- "/etc/ssl/private:/keys"

- "/home/docker-distro/registry/auth:/auth"

Hint

Keep security in mind!

Introduction The pipeline The environment The images The problems Finish

The CI Server

TeamCity

Free version provides:

3 build agents

20 build configurations

Broad configuration capabilities (build parameters,configuration templates, defining dependencies etc)

Introduction The pipeline The environment The images The problems Finish

Understanding CI

Build Server and Build Agents

Introduction The pipeline The environment The images The problems Finish

Customs

Special forces

Introduction The pipeline The environment The images The problems Finish

Customs

Custom Agent

FROM sjoerdmulder/teamcity-agent:latest

MAINTAINER Grzegorz Godlewski <grzegorz@sorcerystudio.com>

RUN apt-get -y install software-properties-common

RUN apt-add-repository ppa:ansible/ansible

RUN apt-get update

RUN apt-get -y install ansible

COPY ./keys/id_rsa /home/teamcity/.ssh/id_rsa

RUN chown -R teamcity:teamcity /home/teamcity/.ssh

ADD docker-entrypoint.sh /docker-entrypoint.sh

RUN chmod a+x docker-entrypoint.sh

Introduction The pipeline The environment The images The problems Finish

Customs

Extending the images

Introduction The pipeline The environment The images The problems Finish

Implementation

TeamCity Server

server:

image: "sjoerdmulder/teamcity:latest"

ports:

- "8111:8111"

volumes:

- "/home/teamcity/server/data:/var/lib/teamcity"

environment:

TERM: linux

Introduction The pipeline The environment The images The problems Finish

Implementation

TeamCity Agent

agent:

image: "my-own-hub/teamcity-agent:latest"

ports:

- "9090:9090"

volumes:

- "/var/run/docker.sock:/var/run/docker.sock" # docker in docker

- "/usr/bin/docker:/usr/bin/docker"

- "/usr/bin/docker:/usr/local/bin/docker"

- "/home/teamcity/agent/work:/opt/buildAgent/work" # work directories

- "/home/teamcity/agent/composer:/opt/composer/cache" # composer cache

- "/home/teamcity/agent/docker:/home/teamcity/.docker" # hub auth keys

environment:

TERM: linux

TEAMCITY_SERVER: "http://teamcity_server:8111" # your server

TEAMCITY_AGENT_NAME: "Alpha" # readable name

AGENT_HOME_ON_HOST: "/home/teamcity/agent" # custom ENV for runtime

Introduction The pipeline The environment The images The problems Finish

Implementation

The flow

1 Run build in dev image

2 Package using dist image

3 Distribute using Ansible and docker-compose

Introduction The pipeline The environment The images The problems Finish

It’s never that easy

Not so easy...

Cleaning up

CI process performance

Proper kernel modules

Dynamically linked modules

Race conditions

Introduction The pipeline The environment The images The problems Finish

It’s never that easy

https://github.com/docker/docker/issues/4036

Introduction The pipeline The environment The images The problems Finish

It’s never that easy

https://github.com/docker/docker/issues/4036

If you’re using the devicemapper diver, make sure that Udev SyncSupported is set to true.

Introduction The pipeline The environment The images The problems Finish

Questions?

Introduction The pipeline The environment The images The problems Finish

Thank you!

http://linkedin.com/in/ggodlewskigrzegorz@sorcerystudio.com

@GGodlewski