- A long, multi-day wiki page install is distilled down into one docker image that builds in 5 minutes
- We get a repeatable environment usable whenever we need to deploy, without worrying about underlying changes to configuration files
- We can build a local Development version of the environment that can be brought up and used in minutes, rather than moving to the Development VM and running some install scripts for an environment we barely use. Updates to this system are rare.
Because I love automation, I added some local shell scripts to check for running Docker images and containers, and to clean up previous builds. In testing I was building these over and over and found that at one point I had 5 GB of previous build images that I didn't need. The scripts also handle stopping the Containers so I don't have collisions in case I forget to check whether the Containers are running; sometimes I don't check my laptop after the weekend to see what I might have left running. I know, that's a bad habit, but this way I don't need to worry.
For my Local Development environment I know what IP I am going to start my Containers on, so I added an entry in my hosts file to be able to reach the Container by name when it comes up. I like that better than worrying about trying to connect to an IP address.
As part of adding this into Jenkins I added parameters to the shell scripts to build for the environments I need: a Local Development environment needs MySQL, while the Production environment has an RDS DB running, so all I need for that is Tomcat. This way all the configuration is set in the Dockerfile and I just build for the environment I want.
```bash
#!/bin/bash
# Build script for Local Tomcat usable on local environments
BUILD='LOCAL'

show_help() {
cat << EOF
usage:
$0 -b local for local Thunder and MySQL Docker (DEFAULT)
$0 -b prod for remote Thunder Docker image to connect to AWS RDS
EOF
}

while getopts "hb:" opt; do
  case $opt in
    h)
      show_help
      exit 0
      ;;
    b)
      # Upper-case the argument so "-b local" from the usage text matches the 'LOCAL' test below
      BUILD=$(echo "$OPTARG" | tr '[:lower:]' '[:upper:]')
      ;;
  esac
done

# WAR file and web server files
echo "We should always want to do a clean then a new build"
# Fetch over HTTPS; without a scheme wget falls back to plain HTTP
wget -O www/scripts/jquery.js https://code.jquery.com/jquery-1.11.1.js
cp www/index.html.template.templ www/index.html
./gradlew clean build
if [ -e build/libs/my.war ]
then
  echo "my.war was built correctly"
else
  echo "my.war was not built, some kind of problem?"
  exit 1
fi

# Stop the existing images, if they are running
LOCAL=`docker ps -q --filter=ancestor=local`
PROD=`docker ps -q --filter=ancestor=prod`
MYSQL=`docker ps -q --filter=ancestor=mysql`
# Stop by the container IDs found above: "local" and "prod" are image names,
# not container names, so "docker stop local" would not match anything.
if [ ! -z "$LOCAL" ]; then
  echo "Stopping running Local instance"
  docker stop $LOCAL
fi
if [ ! -z "$PROD" ]; then
  echo "Stopping running Prod instance"
  docker stop $PROD
fi
if [ ! -z "$MYSQL" ]; then
  echo "Stopping MySQL instance"
  docker stop $MYSQL
fi

# Let's just be cleanly and remove all those old dangly images
docker system prune -f

# Create a Docker image
if [ "${BUILD}" == 'LOCAL' ]
then
  echo -e "Running a $BUILD build"
  # Build all for local but only need Tomcat for Prod
  docker build -t mysql -f deployment/docker/local/mysql/Dockerfile .
  docker build -t local -f deployment/docker/local/tomcat/Dockerfile .
else
  echo -e "Running a $BUILD build"
  # Prod version should be prod name, don't need a database
  docker build -t prod -f deployment/docker/prod/tomcat/Dockerfile .
fi

# Cleanup the files we only need for the war file
rm www/index.html
rm www/scripts/jquery.js
```
For Tomcat I have some configuration to do with the context and server files, which varies by environment, but what I especially needed was a way in Docker to build a self-signed certificate without manual intervention. After some searching around and trial and error I was able to come up with the commands that I needed to build that.
```dockerfile
FROM tomcat:7.0-jre8

# Install useful tools
RUN apt-get update && \
    apt-get -y upgrade && \
    apt-get install -y wget vim curl procps tar libssl-dev --fix-missing --no-install-recommends

# Configure Tomcat Container
COPY build/libs/my.war /usr/local/tomcat/webapps/
COPY deployment/docker/local/resources/local-server.xml /usr/local/tomcat/conf/server.xml
COPY deployment/docker/local/resources/local-context.xml /usr/local/tomcat/conf/context.xml
COPY deployment/docker/local/resources/local-environment.xml /usr/local/tomcat/conf/environment.xml
COPY deployment/docker/local/resources/local-testserver.xml /usr/local/tomcat/conf/testserver.xml

# MySQL Connector
WORKDIR /usr/local/tomcat/lib/
RUN curl -L -o mysql-connector-java-5.1.46.tar.gz https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.46.tar.gz
# Add in untar of the mysql-connector-java-5.1.46/mysql-connector-java-5.1.46.jar
RUN tar -xf mysql-connector-java-5.1.46.tar.gz mysql-connector-java-5.1.46/mysql-connector-java-5.1.46.jar
RUN cp mysql-connector-java-5.1.46/mysql-connector-java-5.1.46.jar .

# Configure Tomcat User and Group
ENV RUN_USER tomcat
ENV RUN_GROUP tomcat
RUN groupadd -r ${RUN_GROUP} && useradd -g ${RUN_GROUP} -d ${CATALINA_HOME} -s /bin/bash ${RUN_USER} && \
    chown -R ${RUN_USER}:${RUN_USER} $CATALINA_HOME
RUN chown -R ${RUN_USER}.${RUN_USER} /data/
RUN chown -R ${RUN_USER}.${RUN_USER} /usr/local/resource-manager/

# Setup SSL for Tomcat
# The key, certificate and the passwords on these RUN lines are baked into the
# image layers and show up in "docker history"; fine for a throwaway local
# certificate, not for a real one.
WORKDIR /usr/local/tomcat/conf/
RUN $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keypass changeit -noprompt -dname "CN=local.test.server, OU=Central, O=MYCOMP, L=BOSTON, S=Massachusetts, C=US" -keystore "/usr/local/tomcat/conf/.keystore"
RUN openssl req -newkey rsa:2048 -x509 -subj "/C=US/ST=Massachusetts/L=BOSTON/O=MYCOMP/CN=local.test.server" -keyout cakey.pem -out cacert.pem -passout pass:mypass
RUN openssl pkcs12 -export -in cacert.pem -inkey cakey.pem -out identity.p12 -name "local" -passin pass:mypass -password pass:mypass
RUN keytool -importkeystore -destkeystore identity.jks -deststorepass mypass -srckeystore identity.p12 -srcstoretype PKCS12 -srcstorepass mypass
RUN keytool -import -file cacert.pem -keystore trust.jks -storepass mypass -noprompt

WORKDIR /usr/local/tomcat/
USER tomcat
```
For the Production build I need an actual certificate, but since that environment is not fully ready I don't need to import that yet.
There is a shell script that gets the Local Development environment running; using Docker-Compose I am able to get the environment I need up and running. Again, the shell script has a path for the Local and Production environments, setting them up appropriately.
```bash
#!/bin/bash
BUILD='LOCAL'

show_help() {
cat << EOF
usage:
$0 -b LOCAL for local Thunder and MySQL Docker (DEFAULT)
$0 -b PROD for remote Thunder Docker image to connect to AWS RDS
EOF
}

while getopts "hb:" opt
do
  case "$opt" in
    h)
      show_help
      exit 0
      ;;
    b)
      BUILD=$OPTARG
      ;;
  esac
done

# Stop the existing images, if they are running
LOCAL=`docker ps -q --filter=ancestor=local`
PROD=`docker ps -q --filter=ancestor=prod`
MYSQL=`docker ps -q --filter=ancestor=mysql`
# Stop by the container IDs found above: "local" and "prod" are image names,
# not container names, so "docker stop local" would not match anything.
if [ ! -z "$LOCAL" ]; then
  echo "Stopping running Local instance"
  docker stop $LOCAL
fi
if [ ! -z "$PROD" ]; then
  echo "Stopping running Prod instance"
  docker stop $PROD
fi
if [ ! -z "$MYSQL" ]; then
  echo "Stopping MySQL instance"
  docker stop $MYSQL
fi

# Check for Local or Prod build then use the right directories
if [ "${BUILD}" == 'LOCAL' ]
then
  echo -e "Starting a $BUILD environment"
  docker-compose -f deployment/docker/local/tomcat.yaml --verbose up -d
else
  echo -e "Starting a $BUILD environment"
  docker-compose -f deployment/docker/prod/tomcat.yaml --verbose up -d
fi
```
The YAML file I set for the environment gets the Containers up and running with the settings I needed.
```yaml
version: '2.2'
services:
  tomcat:
    container_name: tomcat
    image: local:latest
    environment:
      CATALINA_OPTS: "-server -Xms1024m -Xmx2048m -XX:PermSize=1024m -XX:MaxPermSize=1536m -Dhost_default_domain=tlocal.test.server -Djava.net.preferIPv4Stack=true -agentlib:jdwp=transport=dt_socket,address=1043,server=y,suspend=n"
    ports:
      - "127.0.0.1:80:8080"
      - "443:8443"
    restart: on-failure
    links:
      - mysql
  mysql:
    container_name: mysql
    image: mysql:latest
    ports:
      - 3306:3306
    environment:
      MYSQL_DATABASE: testdb
      MYSQL_USER: testadmin
      MYSQL_PASSWORD: testpass
      MYSQL_ROOT_PASSWORD: testpass
    mem_limit: 1000000000
```
With that I have my Tomcat and MySQL Containers up and running. I can point some local tests to the Test Server URL and have my tests run against it and archive their runs locally. This gives me flexibility in testing changes, as I can write my code locally, build my Docker environment and test without worrying about checking into the repository and checking out in another environment that may or may not be in use.
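
The compose file above pins port 80 to 127.0.0.1, but `443:8443` and `3306:3306` carry no host address, so Docker publishes them on every interface of the laptop, including the MySQL instance with its test credentials. The check below is an added example, not part of the original scripts; the function name `exposed_ports` is made up here, and it assumes short-syntax `ports:` entries and two-space service indentation.

```shell
#!/bin/bash
# Added example: list compose port mappings that are published on every host
# interface instead of loopback only. Prints "service mapping" per finding.
exposed_ports() {
  awk -v sq="'" '
    # A key at two-space indent is taken to be a service name (assumption).
    /^  [A-Za-z0-9_-]+:[ \t]*$/ {
      svc = $1; sub(/:$/, "", svc); in_ports = 0; next
    }
    /^[ \t]+ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-[ \t]/ {
      m = $0
      sub(/^[ \t]*-[ \t]*/, "", m)      # drop the list dash
      sub(/[ \t]*(#.*)?$/, "", m)       # drop a trailing comment
      gsub(/"/, "", m); gsub(sq, "", m) # drop surrounding quotes
      # Keep only entries whose host side is not pinned to loopback.
      if (m !~ /^(127\.0\.0\.1|\[::1\]):/) print svc, m
      next
    }
    /^[ \t]*[^- \t]/ { in_ports = 0 }   # any other key ends the ports list
  ' "$1"
}

# Constructed sample that mirrors the port entries of the compose file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  tomcat:
    ports:
      - "127.0.0.1:80:8080"
      - "443:8443"
  mysql:
    ports:
      - 3306:3306
    environment:
      MYSQL_USER: testadmin
EOF

exposed_ports "$sample"
```

Writing the two flagged entries as `127.0.0.1:443:8443` and `127.0.0.1:3306:3306` makes the check come back empty and keeps both services reachable only from the laptop itself.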