using docker in ci process

Introduction The pipeline The environment The images The problems Finish

Using Docker in CI processApplied Docker

G. Godlewski

March 16, 2016


Author

About me

Programming, karate, music and cheese making.

Currently working for SMT Software Services


The background

Long time ago, in a galaxy far, far away...


The background


The background

Scope of automation

Unit tests

Functional tests

Integration tests

Quality checks (nightly build, code coverage, phpmd, phpcs,jshint, jslint, ...)

Deployments

One should constantly search for spots where time could be saved


Definitions

Continuous Integration

Martin Fowler:

Continuous Integration is a software developmentpractice where members of a team integrate theirwork frequently, usually each person integrates at leastdaily - leading to multiple integrations per day. Eachintegration is verified by an automated build (includingtest) to detect integration errors as quickly as possible.


Definitions

Continuous Delivery

Martin Fowler:

A common question we hear is “what is the differencebetween Continuous Delivery and ContinuousDeployment?” Both terms are similar and were coinedaround the same time. I see the difference as a businessdecision about frequency of deployment into production.Continuous Delivery is about keeping your applicationin a state where it is always able to deploy intoproduction. Continuous Deployment is actuallydeploying every change into production, every day ormore frequently.


Product

The point of view


Process

The process

Building - parts put together, diagnostics and verification,removal of unnecessary parts

Packaging - a ready product is being put into a package(container)

Delivery - the whole package is shipped to the client in aclearly defined manner

Each of the stages has a clear I/O definition


Process

Building up a complete solution

In case of a product composed from several components (eg.complex system) we could use the analogy of buying kitchenfurniture.

All packages contain components that fulfill a defined set ofcriteria

We know how the components should be connected

We know how the components should be placed withinclient’s infrastructure (kitchen)

Don’t dismiss the power of analogy!


Warming up!

What will we use Docker for

Performing CI builds within isolated containers (docker indocker, sic!)

Providing the package for the product in which will it befurther distributed

Running our applications


Warming up!


Warming up!

Getting ready

1 Ensure the right kernel version (starting from 3.10!)

2 Ensure you have all required kernel modules (aufs,devicemapper etc - depends on the distribution)

3 Latest docker-engine installed

4 Latest docker-compose installed


Additional tools

Ansible

What for?

Describe how the application should be delivered (deploymentto server)

Configuration management

Why?

Great documentation

Huge amount of modules - I didn’t have to build my own yet!


Own Docker Hub

Docker Hub

hub:

restart: always

image: registry:2

ports:

- "5000:5000"

environment:

TERM: linux

REGISTRY_HTTP_TLS_CERTIFICATE: :)

REGISTRY_HTTP_TLS_KEY: :)

REGISTRY_AUTH: htpasswd

REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd

REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm

volumes:

- "/home/docker-distro/registry/data:/var/lib/registry"

- "/etc/ssl/certs:/certs"

- "/etc/ssl/private:/keys"

- "/home/docker-distro/registry/auth:/auth"

Hint

Keep security in mind!


The CI Server

TeamCity

Free version provides:

3 build agents

20 build configurations

Broad configuration capabilities (build parameters,configuration templates, defining dependencies etc)


Understanding CI

Build Server and Build Agents


Customs

Special forces


Customs

Custom Agent

FROM sjoerdmulder/teamcity-agent:latest

MAINTAINER Grzegorz Godlewski <[email protected]>

RUN apt-get -y install software-properties-common

RUN apt-add-repository ppa:ansible/ansible

RUN apt-get update

RUN apt-get -y install ansible

COPY ./keys/id_rsa /home/teamcity/.ssh/id_rsa

RUN chown -R teamcity:teamcity /home/teamcity/.ssh

ADD docker-entrypoint.sh /docker-entrypoint.sh

RUN chmod a+x docker-entrypoint.sh


Customs

Extending the images


Implementation

TeamCity Server

server:

image: "sjoerdmulder/teamcity:latest"

ports:

- "8111:8111"

volumes:

- "/home/teamcity/server/data:/var/lib/teamcity"

environment:

TERM: linux


Implementation

TeamCity Agent

agent:

image: "my-own-hub/teamcity-agent:latest"

ports:

- "9090:9090"

volumes:

- "/var/run/docker.sock:/var/run/docker.sock" # docker in docker

- "/usr/bin/docker:/usr/bin/docker"

- "/usr/bin/docker:/usr/local/bin/docker"

- "/home/teamcity/agent/work:/opt/buildAgent/work" # work directories

- "/home/teamcity/agent/composer:/opt/composer/cache" # composer cache

- "/home/teamcity/agent/docker:/home/teamcity/.docker" # hub auth keys

environment:

TERM: linux

TEAMCITY_SERVER: "http://teamcity_server:8111" # your server

TEAMCITY_AGENT_NAME: "Alpha" # readable name

AGENT_HOME_ON_HOST: "/home/teamcity/agent" # custom ENV for runtime


Implementation

The flow

1 Run build in dev image

2 Package using dist image

3 Distribute using Ansible and docker-compose


It’s never that easy

Not so easy...

Cleaning up

CI process performance

Proper kernel modules

Dynamically linked modules

Race conditions



https://github.com/docker/docker/issues/4036



https://github.com/docker/docker/issues/4036

If you’re using the devicemapper diver, make sure that Udev SyncSupported is set to true.


Questions?


Thank you!

http://linkedin.com/in/[email protected]

@GGodlewski

using docker in ci process

Technology