Pack Tuleap in a Docker container (part 1)

At Enalean we are using containers since day 1, 3 years ago (thanks to @christianbayle for centos5 and 6 LXC images). We know how reliable it is for both development environment and production.
Docker is the new kid in the block and is game changing in the way application are delivered in dev / staging and production. I will not make another introduction to docker, there plenty around the web and the best are already on https://docker.io
I’ll try to summarize the various things we did to pack Tuleap into Docker.

Disclaimer: this is a first attempt, and to make things easier we are currently packing everything in a single container. If you’re already a docker fan you know that’s not the way Docker people see the world (they tend toward a one container per app world). However the all-in-one approach does work and is a first step.

Initial work

The initial work here was done by @Erwyn. At the time the centos image was not really up to date nor stable. The documentation was sparse on the “redhatitude” way to do the things. One of the (undocumented) trick you had to do at time was to manually enable network

RUN echo "NETWORKING=yes" > /etc/sysconfig/network

The web part was almost functional but things closer to the system (git, backend) were not.

Step 1: Git, ssh and install in Dockerfile

Prepare the ground: deamons and supervisord

With the recent work of centos team to have centos image as a first class citizen we gave a second shot to it.
This time the target was to run Tuleap backend (depends on cron) and git (depends on sshd). It proved to be a tricky part and mostly undocumented, services refused to start (either with /usr/sbin/service, init.d or supervisord) or were started but were doing nothing.
For both of them, the solution is to update PAM configuration to disable pam_loginuid module

 RUN yum install -y cronie; yum clean all RUN sed -i '/session    required   pam_loginuid.so/c#session    required   pam_loginuid.so' /etc/pam.d/crond  RUN yum install -y openssh-server; yum clean all RUN sed -i '/session    required     pam_loginuid.so/c#session    required     pam_loginuid.so' /etc/pam.d/sshd  

Once this is done, both services works like a charm.
Last annoying step to have a working base image is to deal with supervisord. Supervisord is the (Docker) recommended way to run and manage the deamons inside containers. Remember, a container will stop (ie. the virtual machine “shuts down”) as soon as the running process exits so you need something that runs the deamon and keep the foreground, that’s supervisord.
Centos6 has packages for supervisord but they are not up-to-date enough. Some key features are missing like pidproxy required for mysql management. So you need to install it with pip.

 RUN yum install -y python-pip && pip install pip --upgrade RUN pip install supervisor 

This leads to tuleap-base-image.

Install Tuleap

On top of this image one can install Tuleap packages. It’s now quite straightforward.
The first version just did a couple of “yum install -y tuleap-???” followed by a setup.sh This version was very efficient: build the image once and run containers everywhere without configuration step.

 ## Use the official docker centos distribution ## FROM enalean/tuleap-base:1.0  ## Install dependencies ## RUN rpm --import https://apt.sw.be/RPM-GPG-KEY.dag.txt RUN rpm -i https://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm ADD rpmforge.repo /etc/yum.repos.d/  RUN rpm -i https://mir01.syntis.net/epel/6/i386/epel-release-6-8.noarch.rpm  ## Deploy Tuleap ## RUN yum install -y which redhat-lsb-core mysql-server openssh-server  ADD Tuleap.repo /etc/yum.repos.d/ RUN yum install -y tuleap RUN yum install -y tuleap-plugin-tracker RUN yum install -y tuleap-theme-experimental RUN yum install -y tuleap-theme-tuleap   RUN yum install -y tuleap-core-subversion RUN /sbin/service sshd start && yum install -y --enablerepo=rpmforge-extras tuleap-plugin-git  # Install Tuleap RUN bash /usr/share/tuleap/tools/setup.sh --sys-default-domain=localhost --sys-org-name=Tuleap --sys-long-org-name=Tuleap  ADD supervisord.conf /etc/supervisord.conf  CMD ["/usr/bin/supervisord"]  EXPOSE 22 80 443  

Nothing rocket science so far, with only one trick for git plugin. At install time, we setup gitolite and everything is done via SSH, hence we need to manually start the service beforehand.
A second version came quickly after to leverage on our Chef recepies. This time the Dockerfile is even more simple.

 ## Use the official docker centos distribution ## FROM enalean/tuleap-base:1.0  # Install Chef RUN yum install curl; yum clean all RUN curl -L https://www.opscode.com/chef/install.sh | bash  # Comes from ADD vagrant-tuleap /root/vagrant-tuleap  RUN /sbin/service sshd start && chef-solo -c /root/vagrant-tuleap/solo/solo.rb -j /root/vagrant-tuleap/solo/rpm.json  ADD supervisord.conf /etc/supervisord.conf  CMD ["/usr/bin/supervisord"]  EXPOSE 22 80 443  

As chef abstract all the configuration process, the Dockerfile is now dead simple.

More to come

In the next posts I will detail how we dealt with application upgrades, data persistency and much more. Watch this place !

About the Author

How great is the challenge of creating economic value for a company with a libre software. I enjoy this! It encourages me to think business and communication in a disruptive way. I believe in the core value of FLOSS and agile spirit: open minded listening, transparency and co-creation. I'm Marketing Manager at Enalean.

Write Your Comment

three × 1 =

You may use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Websites located at enalean.com and other enalean.com subdomains need to store and access cookies on your device. We need your acceptance. Get more information.

Yes, I agree No, I disagree