Docker-in-docker Docker Compose with sshd

Dockerfile:

##
# Docker client with docker-compose && sshd
#
# use on a Docker host to allow you to ssh and access Docker and Compose remotely
# e.g., as part of CI/CD on a private network.
# ** Not for production use on publicly-exposed server **
#
# mount for docker host socket:
#    -v /var/run/docker.sock:/var/run/docker.sock:ro
# mount for docker-compose access (optional):
#    -v /host/compose/root:/opt/compose/alias
# cd or reference -f /alias/to/docker-compose.yml file when using docker-compose ...
#####
 
FROM docker:17
# (uses Alpine)
 
RUN apk add --update py-pip
RUN pip install docker-compose
 
# RUN apk add ca-certificates curl openssl nano
RUN apk add openssh
 
# use fresh keys: (could also do on startup)
RUN rm -rf /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
RUN /usr/bin/ssh-keygen -A
 
# install (or append) to authorized_keys: (optional)
COPY certs/my-deploy.pub /root/.ssh/authorized_keys
 
# cleanup install:
RUN rm  -rf /tmp/* /var/cache/apk/*
 
EXPOSE 22
 
# remove prior entrypoint if there is one:
ENTRYPOINT []
CMD ["/usr/sbin/sshd","-D"]

Build ID from Git (updated)

A simple build_id can be generated from Git via:

git log --pretty=oneline | wc -l

which will give you something like 9682

And while this will likely vary by branch, you really want to base a build id only from the branch you are deploying to production (in our case, release) anyway. It won’t let you name a work-in-progress, so that might be an issue for some people but also might enforce good practice by not letting you name a release until it’s “done”. As long as the naming is consistent, it should work. Of course in this scenario if you hot/bug-fix release that actual value will go up, but that’s not really what we care about, seems like our criterion would be:

  • something we can generate in an automated build
  • something sequential so it’s easy to tell the order to other builds
  • something unique (potential edge cases it may not be, but would be very edge-case)

    If you want a sequential number to give ordinal context but hash info for relevancy can use:

    echo $(git log --pretty=oneline | wc -l)-$(git log -1 '--pretty=format:%h')

    which will give you something like 9682-36a51c8

    log count + “-” + truncated last commit hash. You could add zero-padding or similar if desired.

    This seems particularly useful if you aren’t tagging at the time you create the id. Otherwise, you would be able to get the hash from the tag.

  • Install PHP Composer

    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    php -r "if (hash_file('SHA384', 'composer-setup.php') === '669656bab3166a7aff8a7506b8cb2d1c292f042046c5a994c43155c0be6190fa0355160742ab2e1c88d40d5be660b410') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
    php composer-setup.php
    php -r "unlink('composer-setup.php');"

    if desired move (or use install arg) to put binary into path, e.g., mv composer.phar /usr/local/bin/composer

    see: https://getcomposer.org/download/
    and: https://getcomposer.org/doc/00-intro.md#installation-linux-unix-osx

    Zip contents of current directory for Lambda

    To create a AWS Lambda bundle, you need create a zip archive of your app directory that doesn’t contain a parent directory. To do this, cd to your app directory and execute:

    zip -r -X "../app.zip" *

    Override Docker Entrypoint properly

    It’s not always so obvious what format the `ENTRYPOINT` override should take in a `docker run` command, so here is an example to clarify if you wanted to get a file list instead of the default entrypoint: first override the default ENTRYPOINT command with `/bin/ls` as a `run` argument then pass any args after the image name.

    docker run --entrypoint "/bin/ls" namespace/imagename -al /container/path/tolist

    As mentioned in the Docker docs, ENTRYPOINT only specifies the executable to run when the container starts.

    Docker copy files from image to local

    You can’t easily copy file directly from a Docker image, but you can from a temporary container. Couple different ways to do it include:

    Run a temp container and copy into local mounted directory, here it’s a directory named “tmp” inside your current directory:

    docker run --rm -v $(pwd)/tmp:/tmp <image-name:tag> sh -c "cp -r /path/to/files/* /tmp"

    You could do additional pre/post processing and gather additional files as needed, etc. by updating the sh (or bash or other) command.

    Or you can simply copy a directory from a static temporary container to a tar file:

    id=$(docker create <image-name:tag>)
    docker cp $id:path - > local.tar
    docker rm -v $id

    « Previous Entries Next Entries »