First try without systemd During my previous mission, we used AWS ECR to manage the docker images. Amazon EC2 Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. To be able to store/retrieve docker images, you have to be authenticated. AWS CLI provides a command which takes your credentials and generate a token, authenticating the user for 12 hours. ...
In a previous article I talked about switching to https. Since the 3rd December, Let’s Encrypt is in public beta1, that means that everybody can have free trusted ssl certificates. That’s right, you heard it. What would be an agileek article without a little bit of Docker in it? Goal I will show you how to generate and use an ssl certificate with nginx. First, you generate the certificate with: docker run -it --rm -p 443:443 --name letsencrypt -v /etc/letsencrypt:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt quay.io/letsencrypt/letsencrypt:latest --server https://acme-v01.api.letsencrypt.org/directory certonly -a standalone -d hello.bitard.fr ...
Vous avez un projet où il faut 3 jours d’installation acharnée en suivant un wiki obsolète pour réussir à faire un premier commit ? Vous n’osez plus mettre à jour votre poste depuis 2006 de peur de ne plus pouvoir travailler ? Vous en avez marre d’oublier de mettre à jour le wiki chaque fois qu’il faut installer quelque chose de nouveau pour votre projet ? Ce post est fait pour vous ! ...
Scenario I want to be sure I don’t lose data when I stop my container. Given A simple program which add to a list the current time every second (Very critical program) and write the list to a file when it exits. private static final Path parentDirectory = Paths.get("dataFolder"); private static final Path data = Paths.get(parentDirectory.toString(), "data"); public static void main(String[] args) throws IOException, InterruptedException { if (!Files.exists(data)) { Files.createDirectories(parentDirectory); Files.createFile(data); } List<String> lines = Files.readAllLines(data); Runtime.getRuntime().addShutdownHook(new Thread() { public void run() { Charset charset = Charset.forName("utf-8"); try (BufferedWriter writer = Files.newBufferedWriter(data, charset)) { for (String line : lines) { writer.write(line, 0, line.length()); writer.newLine(); } } catch (IOException ex) { throw new RuntimeException("Couldn't save lines"); } } }); while (true) { lines.add(Instant.now().toString()); Thread.sleep(1000); } } I assume it’s understandable even if you are not familiar with java. If not, let me know and I’ll explain it. ...
Scenario I want to transfer efficiently my images to the production machines. Given My Dockerfile with android sdk ADD http://dl.google.com/android/android-sdk_r24.0.2-linux.tgz /opt/android-sdk.tgz RUN tar xzf /opt/android-sdk.tgz -C /opt/ RUN rm -f /opt/android-sdk.tgz built with docker build -t docker_layers . When I want to push it to the registry Then It will push 3 layers: the first is the android tgz pushed into /opt the second is the extracted sdk into the /opt directory the last one is the deletion of the tgz This is really not optimal, the first and third layer are useless. Worst, they use space on your filesystems, on your network when you pull/push, … ...
This begins a serie of docker tips. Scenario I want to remove a container from my host Given My very simple Dockerfile FROM phusion/baseimage:0.9.16 RUN echo useless command VOLUME ["/data"] built with docker build -t test . Given A container based on this image started with docker run --name test_container -ti test /bin/dd if=/dev/zero of=/data/agileek_test.file count=102400 bs=1024 When I remove it: docker rm test_container Then I expect to have everything deleted, right? Wrong ...
For my client I need to benchmark a multi-threaded/multi-server solution. Unfortunately, we only have a big server (128 GB, 32 cores,…) and we are putting all our instances on this single server. As each instance is multi-threaded, we noticed that they often get in each others way, resulting in bad performances (context swapping, …). We solved this problem in 2 ways. On one hand we used thread affinity in the application in order to bind some thread to a given CPU, and on the other hand we used docker to authorize a given application to access only some CPUs (via cpuset). ...