10. Maintaining Docker Containers
by Pierre Pomes, Stephane Jourdan
Infrastructure as Code (IAC) Cookbook
- Infrastructure as Code (IAC) Cookbook
- Table of Contents
- Infrastructure as Code (IAC) Cookbook
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Preface
- 1. Vagrant Development Environments
- Introduction
- Adding an Ubuntu Xenial (16.04 LTS) Vagrant box
- Using a disposable Ubuntu Xenial (16.04) in seconds
- Enabling VirtualBox Guest Additions in Vagrant
- Using a disposable CentOS 7.x with VMware in seconds
- Extending the VMware VM capabilities
- Enabling multiprovider Vagrant environments
- Customizing a Vagrant VM
- Using Docker with Vagrant
- Using Docker in Vagrant for a Ghost blog behind NGINX
- Using Vagrant remotely with AWS EC2 and Docker
- Simulating dynamic multiple host networking
- Simulating a networked three-tier architecture app with Vagrant
- Showing your work on the LAN while working with Laravel
- Sharing access to your Vagrant environment with the world
- Simulating Chef upgrades using Vagrant
- Using Ansible with Vagrant to create a Docker host
- Using Docker containers on CoreOS with Vagrant
- 2. Provisioning IaaS with Terraform
- Introduction
- Configuring the Terraform AWS provider
- Creating and using an SSH key pair to use on AWS
- Using AWS security groups with Terraform
- Creating an Ubuntu EC2 instance with Terraform
- Generating meaningful outputs with Terraform
- Using contextual defaults with Terraform
- Managing S3 storage with Terraform
- Creating private Docker repositories with Terraform
- Creating a PostgreSQL RDS database with Terraform
- Enabling CloudWatch Logs for Docker with Terraform
- Managing IAM users with Terraform
- 3. Going Further with Terraform
- Introduction
- Handling different environments with Terraform
- Provisioning a CentOS 7 EC2 instance with Chef using Terraform
- Using data sources, templates, and local execution
- Executing remote commands at bootstrap using Terraform
- Using Docker with Terraform
- Simulating infrastructure changes using Terraform
- Teamwork – sharing Terraform infrastructure state
- Maintaining a clean and standardized Terraform code
- One Makefile to rule them all
- Team workflow example
- Managing GitHub with Terraform
- External monitoring integration with StatusCake
- 4. Automating Complete Infrastructures with Terraform
- Introduction
- Provisioning a complete CoreOS infrastructure on Digital Ocean with Terraform
- Provisioning a three-tier infrastructure on Google Compute Engine
- Provisioning a GitLab CE + CI runners on OpenStack
- Managing Heroku apps and add-ons using Terraform
- Creating a scalable Docker Swarm cluster on bare metal with Packet
- 5. Provisioning the Last Mile with Cloud-Init
- Introduction
- Using cloud-init on AWS, Digital Ocean, or OpenStack
- Handling files using cloud-init
- Configuring the server's time zone using cloud-init
- Managing users, keys, and credentials using cloud-init
- Managing repositories and packages using cloud-init
- Running commands during boot using cloud-init
- Configuring CoreOS using cloud-init
- Deploying Chef Client from start to finish using cloud-init
- Deploying a remote Docker server using cloud-init
- 6. Fundamentals of Managing Servers with Chef and Puppet
- Introduction
- Getting started (notions and tools)
- Installing the Chef Development kit and Puppet Collections
- Creating a free hosted server Chef account and a Puppet server
- Automatically bootstrapping a Chef client and a Puppet agent
- Installing packages
- Managing services
- Managing files, directories, and templates
- Handling dependencies
- More dynamic code using notifications
- Centrally sharing data using a Chef data bag and Hiera with Puppet
- Creating functional roles
- Managing external Chef cookbooks and Puppet modules
- 7. Testing and Writing Better Infrastructure Code with Chef and Puppet
- Introduction
- Linting Chef code with Foodcritic and Puppet code with puppet-lint
- Unit testing with ChefSpec and rspec-puppet
- Getting ready
- How to do it…
- The Spec Helper
- Testing a successful Chef run context
- Testing a package installation
- Testing services status
- Testing another recipe from the same cookbook
- Testing directory creation
- Testing file creation
- Testing templates creation
- Stubbing data bags for searches
- Testing recipes inclusion
- Intercepting errors in tests
- There's more…
- See also
- Testing infrastructure with Test Kitchen for Chef and Beaker for Puppet
- Integration testing with ServerSpec
- 8. Maintaining Systems Using Chef and Puppet
- Introduction
- Maintaining consistent systems using scheduled convergence
- Creating environments
- Using Chef encrypted data bags and Hiera-eyaml with Puppet
- Using Chef Vault encryption
- Accessing and manipulating system information with Ohai
- Automating application deployment (a WordPress example)
- Using a TDD workflow
- Planning for the worse – train to rebuild working systems
- 9. Working with Docker
- Introduction
- Docker usage overview
- Choosing the right Docker base image
- Getting ready
- How to do it…
- Starting from an Ubuntu image
- Starting from a CentOS image
- Starting from a Red Hat Enterprise Linux (RHEL) image
- Starting from a Fedora image
- Starting from an Alpine Linux image
- Starting from a Debian image
- Linux distributions container image size table
- Starting from a Node JS image
- Starting from a Golang image
- Starting from a Ruby image
- Starting from a Python image
- Starting from a Java image
- Starting from a PHP image
- See also
- Optimizing the Docker image size
- Versioning Docker images with tags
- Deploying a Ruby-on-Rails web application in Docker
- Building and using Golang applications with Docker
- Networking with Docker
- Creating more dynamic containers
- Auto-configuring dynamic containers
- Better security with unprivileged users
- Orchestrating with Docker Compose
- Linting a Dockerfile
- Deploying a private Docker registry with S3 storage
- 10. Maintaining Docker Containers
- Introduction
- Testing Docker containers with BATS
- Test-Driven Development (TDD) with Docker and ServerSpec
- The workflow for creating automated Docker builds from Git
- The workflow for connecting the Continuous Integration (CI) system
- Scanning for vulnerabilities with Quay.io and Docker Cloud
- Sending Docker logs to AWS CloudWatch logs
- Monitoring and getting information out of Docker
- Debugging containers using sysdig
- Index
In this chapter, we will cover the following recipes:
- Testing Docker containers with BATS
- Test-Driven Development (TDD) with Docker and ServerSpec
- The workflow for creating automated Docker builds from Git
- The workflow for connecting the Continuous Integration (CI) system
- Scanning for vulnerabilities with Quay.io and Docker Cloud
- Sending Docker logs to AWS CloudWatch Logs
- Monitoring and getting information out of Docker
- Debugging containers using sysdig
In this chapter, we'll explore some advanced and highly interesting areas that probably most developers today are already used to. Infrastructure code is still code, so it should be no different than software code; the same principle should apply. This means that the Docker code should be testable, the builds automatic, and the CI systems connected to our Git servers so they could continuously apply the tests. In addition to this, security checks should be part of the mandatory release process and the logs easy to access, even if the application is scaled on multiple machines. Also note that containers shouldn't be black boxes, and highly performant debugging tools should be available for us to do our work. The good news is that these topics will be covered in this chapter, because all of this can be done easily.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.