Skip to content
This repository has been archived by the owner on Jun 20, 2018. It is now read-only.

Implement releases using Docker #33

Closed
andreskytt opened this issue Feb 28, 2016 · 9 comments
Closed

Implement releases using Docker #33

andreskytt opened this issue Feb 28, 2016 · 9 comments
Assignees
@peterjasc
Labels
broad issue docker enhancement

Comments

@andreskytt
Copy link
Contributor

andreskytt commented Feb 28, 2016
edited
Loading

Implement a release process that results in a bunch of docker containers encapsulating the following parts of the system:

  • load balancer
  • Static web
  • FoxAPI
  • LoginAPI
  • Mock LDAP
@peterjasc peterjasc self-assigned this Mar 22, 2016
@peterjasc
Copy link
Collaborator

peterjasc commented Jul 12, 2016
edited
Loading

Need to access config/ folder inside the Dockerfile that is in static/ folder.

The host directory is, by its nature, host-dependent. For this reason, you can’t mount a host directory from Dockerfile because built images should be portable. A host directory wouldn’t be available on all potential hosts.

(ie, VOLUME ~/git/fox/:/containerdir/ is illegal)

For security reasons, you can not do ADD ../aa /static either (add parent directories -- since they are outside of the build context)

@peterjasc
Copy link
Collaborator

peterjasc commented Jul 12, 2016
edited
Loading

One possible solution was (which necessitates .dockerignore in /fox) this: moby/moby#2745

I successfully worked around this issue using volumes. Example directory structure:

web/

  • Dockerfile -> ADD . /usr/src/app/
  • (code)

webstatic/

  • Dockerfile -> ADD . /usr/src/app/subdir
  • (code)

compose file excerpt:

web:
build: ./web/

webstatic:
build: ./webstatic/
volumes_from:
- web

Then in the webstatic code I can access the code from the web container. No need for ADD ../web/ .. in webstatic.

@peterjasc
Copy link
Collaborator

peterjasc commented Jul 12, 2016
edited
Loading

This is not the best solution, since it uses data only containers (Docker Compose file ver 2 seems to have deprecated these with named volumes). A better idea seems to give the dockerfile (in static/) the project's root as the build context (so it could access both static/ and config/).

The implementation of this concept can be seen at 4528de3

@peterjasc
Copy link
Collaborator

peterjasc commented Jul 14, 2016
edited
Loading

Links and "expose" (similar to "ports" command, but does not publish ports to host machine) can be considered deprecated features since Docker 1.9 (and should not be used, when writing Docker Compose files of ver 2). Networks should be used instead.

However:

The default docker0 bridge network supports the use of port mapping and docker run --link to allow communications between containers in the docker0 network. These techniques are cumbersome to set up and prone to error. While they are still available to you as techniques, it is better to avoid them and define your own bridge networks instead.

Implementation of user-defined bridge networks and loadbalancers:
f0feb24
Loadbalancer configs:
895f239

https://docs.docker.com/engine/userguide/networking/dockernetworks/
https://docs.docker.com/compose/compose-file/#/expose

@peterjasc
Copy link
Collaborator

peterjasc commented Jul 15, 2016
edited
Loading

Building go files inside a Docker container with go build means that GOPATH needs to point to the project root. This caused some problems in figuring out how to get the build to use a local package's external dependencies located in out project (for example, local pkg "loginservice" is dependant on the following external dependencies located in out project -- "authn", "authz", "login" and "util"), without copying the whole project into every container.

The solution is quite simple: we just build a similar directory structure inside the container and only copy the files we need, with a small caveat -- we will use the vendor directory for local pkg's local dependencies.

Go 1.6 includes support for using local copies of external dependencies to satisfy imports of those dependencies, often referred to as vendoring.

For example, to build Loginservice, we copy authn, authz and util into the vendor folder, instead of directly into the source directory (a small difference, but it makes it clear that these are the external dependencies of pkg login).

├── src
...
    ├── login
        └── vendor
        │ └── authn
        │ └── authz
        │ └── util
        └── loginservice

As of July 2016, the "dependency management"/"go vendoring" tools are not mature enough for use in production, so, in order to get all the dependencies required for a build, we will have to copy these manually from the host's (from the point of view of the Docker container) source directory into the container's vendor directory and use go get -d to get the other external dependencies (such as github.com/fernet/fernet-go).

For reference:
https://golang.org/cmd/go/#hdr-Vendor_Directories

peterjasc added a commit that referenced this issue Jul 19, 2016
@peterjasc
Use package's vendor folders for building as mentioned in #33
280034b
peterjasc added a commit that referenced this issue Jul 19, 2016
@peterjasc
Revert to using local imports instead of getting them from github. #33
ae32102 
It turned out there was no merit in doing this.

One thing that might be confusing is that we no longer import fox as
"fox", but as "github.com/e-gov/fox". This, while it might seem so,
is not an external import (the missing "src/" directory being the key
indicator of that -- if we delete the folder in github.com, "go get" will
not recover the deleted files).

This confusion came about because we moved local packages into
canonical github.com/e-gov, which meant changes in config files,
scripts and src code.
peterjasc added a commit that referenced this issue Jul 20, 2016
@peterjasc
Make it possible to not have to copy everything into container
b20b916 
We do not want to copy the whole project into the Docker
container due to 'go get' using GOPATH (which, by default,
is the project root) as mentioned in #33. We don't need
the vendor folder to pull this off, but it makes more
clear which pkgs are considered 'external'.
peterjasc added a commit that referenced this issue Jul 27, 2016
@peterjasc
Remove docker config folder creation, as go's os/user does not work.
db27b91 
We build go binaries using static linking (CGO=0), which means that
os/user package does not work. Thus, we cannot create a separate config
folder for Docker in config, because getUserConfigFolderPath
in Config.go will not work without knowing the user name
-- which we use os/user for. That means, we have to rely on
the fallback version to be there. #33
@peterjasc
Copy link
Collaborator

peterjasc commented Jul 28, 2016
edited
Loading

Make static dockerfile buildable 1cdede4

Remove volume, since it hides the actual folder from Docker container 993532a

Replace compass with libsass to not have to get ruby in container
fad0c7b

Copy properties into the right directory and update node dependencies
3cb8c73

@peterjasc peterjasc reopened this Jul 31, 2016
@peterjasc peterjasc reopened this Aug 2, 2016
@peterjasc
Copy link
Collaborator

peterjasc commented Aug 3, 2016
edited
Loading

For haproxy logging, we used rsyslog and mounted /dev/log on the haproxy containers, which means we can read the log at /var/log/syslog

References:
dockerfile/haproxy#3 (comment)
https://youroldmanspath.blogspot.com.ee/2015/12/logging-and-haproxy-docker-container.html

peterjasc added a commit that referenced this issue Aug 3, 2016
@peterjasc
Log to host's /var/log/syslog #33
1366cee
@peterjasc
Copy link
Collaborator

Create a network so that static_web proxies go through load balancers
(Previously, static_web used Fox Service and Login Service directly.)
7351e93

peterjasc added a commit that referenced this issue Aug 4, 2016
@peterjasc
Use the path of the url request in haproxy ACL, because port changes
64e5746 
The request from inside static_web (see docker-compose.yml)
to fox_LB (LB stands for load balancer, see fox_LB/haproxy.cfg) goes
through a nodejs proxy that uses CORS (changeOrigin is set to true
in static/properties.sample.json). This means that the request
port is changed and we have to rely on the request's URL path to
decide which backend to send the request.

In the case of fox service, it seems that frontend balancer can
listen on 8090, but the ACL, defined inside the balancer (see the
fox_LB/haproxy.cfg), uses the new port assigned due to CORS. #33
@peterjasc
Copy link
Collaborator

set the correct status check address for balancers 3468583

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@peterjasc peterjasc

Labels
broad issue docker enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andreskytt @peterjasc