Docker: Difference between revisions

From IDESG Wiki
Line 106: Line 106:


[[Category: Glossary]]
[[Category: Glossary]]
[[Category: Best Profile]]
[[Category: Best Practice]]
[[Category: Best Practice]]

Revision as of 20:20, 29 April 2021

Full Title or Meme

Docker is a system for building, deploying and running complex images of a program with its runtime.

Context

  • This wiki page is focused on the user of Digital Ocean from a Windows workstation targeting the Kantara preferred instance.
  • With the rise of cloud computing the need arose to give users an easy way to create a run-time package that could be sent to any cloud Platform as a Service provider (PaaS) with complete interoperability.

Solutions

Docker was released in 2013 and solved many of the problems that developers had running containers end-to-end. It focused on these low-level features:

  1. A container image format
  2. A method for building container images (Dockerfile/docker build)
  3. A way to manage container images (docker images, docker rm, etc.)
  4. A way to manage instances of containers (docker ps, docker rm, etc.)
  5. A way to share container images (docker push/pull)
  6. A way to run containers (docker run)

The Open Container Initiative was created to expand the scope of Docker solutions. There are for high-level docker support.

When you run a Docker container, these are the steps Docker actually goes through:

  1. Download the image
  2. Unpack the image into a "bundle". This flattens the layers into a single filesystem.
  3. Run the container from the bundle
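
The unpack step above, sketched as an added example (not code from this wiki page or from Docker itself): layer tarballs are applied lowest-first onto one directory. It goes beyond the text by handling the ".wh.NAME" whiteout convention of the OCI image layer format; the function names and the two constructed layers are assumptions made for illustration.

```shell
#!/bin/sh
# flatten_layers ROOTFS LAYER.tar...   (hypothetical helper, added example)
# Applies layer tarballs lowest-first onto one directory, the bundle rootfs.
flatten_layers() (
    rootfs=$1; shift
    mkdir -p "$rootfs"
    for layer in "$@"; do
        names=$(tar -tf "$layer") || exit 1
        # Layers are untrusted input: refuse absolute or ".." member names.
        # (Name check only; symlink members are not examined here.)
        if printf '%s\n' "$names" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
            echo "refusing $layer: member path escapes the rootfs" >&2
            exit 1
        fi
        # A whiteout ".wh.NAME" in a layer deletes NAME left by lower layers.
        # Opaque-directory markers (.wh..wh..opq) are not handled.
        printf '%s\n' "$names" | while IFS= read -r entry; do
            base=${entry##*/}
            dir=${entry%"$base"}
            case $base in
                .wh.*) rm -rf "$rootfs/$dir${base#.wh.}" ;;
            esac
        done
        tar -xf "$layer" -C "$rootfs"
        # The markers themselves are not part of the final filesystem.
        find "$rootfs" -type f -name '.wh.*' -exec rm -f {} +
    done
)

# Constructed two-layer image: layer 2 overrides app.conf and deletes motd.
demo_flatten() (
    work=$(mktemp -d) && cd "$work" || exit 1
    mkdir -p l1/etc l2/etc
    echo "base motd" > l1/etc/motd
    echo "setting=v1" > l1/etc/app.conf
    echo "setting=v2" > l2/etc/app.conf
    : > l2/etc/.wh.motd
    tar -cf "$work/layer1.tar" -C l1 etc
    tar -cf "$work/layer2.tar" -C l2 etc
    flatten_layers "$work/rootfs" "$work/layer1.tar" "$work/layer2.tar"
    (cd rootfs && find . -type f | sort)
    cat rootfs/etc/app.conf
    cd / && rm -rf "$work"
)
demo_flatten
```

Only etc/app.conf survives in the flattened tree, with the upper layer's content; etc/motd is removed by the whiteout.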

Deploy App Image to Digital Ocean

You will need access to a Digital Ocean (DO) droplet of sufficient size to handle your application.

Custom Images on Droplets

Step by Step Instructions

It is assumed that Docker Desktop for Windows has been installed, that the runtime is created by .NET Core 3.0 or later, and that you have created a DigitalOcean droplet and have either the ssh (user) password for building the container in place, or a doctl access token for use of the DO Container registry.

  1. Build a production version of the code (i.e., set the configuration to Production with the Configuration Manager).
  2. If running Visual Studio 2019 or later, publish a
  3. Install the Digital Ocean controller on Windows. It is called doctl.exe.
  4. Create a DigitalOcean API token for your account with read and write access from the Applications & API page in the control panel. Save the token string in a safe place on your workstation.
  5. On the workstation (usually in PowerShell) you will enter the token after you type: .\doctl.exe auth init --context <NAME_OF_CONTAINER>
  6. Test that everything works by typing: .\doctl.exe account get
  7. For first-time use, create a Container Registry.
  8. Optionally check the account: .\doctl.exe account get

The following builds the container directly in the droplet (preferred mode).

  1. SSH configuration. Images must have sshd installed and configured to run on boot. If your image does not have sshd set up, you will not have SSH access to Droplets created from that image unless you recover access using the Droplet console. (DO SERVER.TXT)
  2. Make sure that the source file in GitHub is current as the container will be built from the GitHub repository.
  3. SSH login looks like this: ssh root@0.0.0.0 where you enter the IP address of the droplet in place of 0.0.0.0; you will be prompted for the ssh password.
  4. Then cd into the newly created directory (/home/app/..), e.g. cd /home/app/RegistryDemo
  5. If everything is configured correctly, you should be able to enter docker-compose build and see the output of the process. -- OR
    1. git stash
    2. git pull
    3. git stash pop (should be just product.yml)
    4. sh Production.sh
  6. Copy up the user secrets if required (either using echo 'stuff' > filename.json, or rsh)
  7. Copy up the https cert if required (rsync -avz ./RegistryTest.pfx root@204.48.19.105:/root/.aspnet/https)
  8. git clone https://github.com/TomCJones/RegistryTest.git
  9. cd RegistryTest/
  10. docker-compose build
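
For the steps above that copy user secrets and the https certificate onto the droplet, an added example (not part of the original page) of writing a secret with owner-only permissions and checking a directory for secret files that other accounts can access. The function names and the temporary directory standing in for a path such as /root/.aspnet are assumptions; the file contents are constructed.

```shell
#!/bin/sh
# install_secret DEST   (hypothetical helper, added example)
# Reads the secret from stdin, so the value never appears on a command line
# or in shell history, and writes it atomically with mode 0600.
install_secret() (
    dest=$1
    umask 077                          # new files and directories: owner only
    mkdir -p "$(dirname "$dest")"
    tmp=$(mktemp "$dest.XXXXXX") || exit 1
    cat > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$dest"
)

# loose_secrets DIR   (hypothetical helper, added example)
# Lists .pfx and .json files that group or other users can read or write.
loose_secrets() {
    find "$1" -type f \( -name '*.pfx' -o -name '*.json' \) \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print | sort
}

# Constructed demonstration: one secret installed safely, one certificate
# bundle left world-readable as a plain copy with default permissions.
demo_secrets() (
    d=$(mktemp -d) || exit 1
    printf '{"ApiKey":"example"}' | install_secret "$d/secrets.json"
    : > "$d/site.pfx"
    chmod 644 "$d/site.pfx"
    loose_secrets "$d" | sed "s|^$d/||"
    rm -rf "$d"
)
demo_secrets
```

The check reports only site.pfx; running chmod 600 on a reported file clears the finding.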

Creating a certificate directly on the droplet or on a Windows machine with WSL:

  1. Ensure that the DNS name has already been registered (e.g. trustregistry.org)
  2. Load certbot.eff.org
  3. Follow directions in certbot user guide for a manual, standalone certificate.
    1. If using DNS challenge, have the DNS record open at the registry site.
  4. openssl pkcs12 -export -in trorg.pem -inkey trorg.key -out trorg.pfx
  5. openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out trorg.pfx


The use of a registry complicates the flow and is not recommended for initial testing with a single droplet.

  1. Ensure the workstation is signed into Digital Ocean: ./doctl.exe registry login
  2. Tag the container to be pushed: docker tag registrytest:dev registry.digitalocean.com/tomjones/tomjones
  3. Push the container from workstation to cloud: docker push registry.digitalocean.com/tomjones/tomjones

Deploy image from GitHub

root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git --version
git version 2.25.1
root@docker-ubuntu-s-1vcpu-1gb-nyc1-01:/home/app/RegistryTest# git config --list
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.com/TomCJones/RegistryTest.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master

The Environment

Environment variables are critical to the successful operation of a .NET Core project running in a Linux Docker environment. For example:

  • APPDATA in a Windows development environment is typically:
  • $HOME in a Linux environment is typically:
